Information Technology Policies

Compliance Resource Center

Policies Under Review

Policies in development go through a public review before they are published. See which policies are in the review stage »

On this page:

The University of Michigan provides information technology resources to a large and varied group, including faculty, staff, students, and guests. All members of this community are responsible for using these resources in an effective, efficient, and ethical manner that does not interfere with the reasonable use by other community members or endanger the University's tax-exempt or legal status. In particular, University employees who deal with sensitive data are required to exercise due diligence with regard to privacy and security policies and practices.

The information technology policies noted below apply to the entire University of Michigan community and its guests.

Entities within the University, such as Information and Technology Services (ITS), maintain additional information technology policies or guidelines that apply to the University at large.

In addition to the University-wide policies, supplemental policies may apply at other levels and in specific areas. For example, the Dearborn and Flint campuses; the University of Michigan Health System; and individual schools, colleges, or departments may maintain policies for users of their respective networks and services.

Several key drivers will help determine IT policy priorities. These include:

  • U-M environment: Policies should align to core academic, research, learning and teaching, and administrative missions.

  • Legal and regulatory environment: Policies should be in compliance with all statutory requirements.

  • 10 year-gap: Policies need to be updated to properly account for the decade during which U-M did not have a comprehensive IT policy function (2001-2011).

  • Risk environment: Policies should satisfactorily account for an ever-changing array of environmental, technological, and operational risks.

  • Best practices: Policies should reflect industry and higher education best practices.

Violations of the information technology policies at the University of Michigan may result in disciplinary action by the University.

Policy Oversight and Approval

The Vice President for Information Technology and Chief Information Officer (VPIT CIO) has oversight responsibility for IT policy. Information and Infrastructure Assurance (IIA), by delegation of the VPIT CIO, coordinates the IT policy function for U-M, with responsibility for policy development, education, and maintenance; IIA maintains a complete repository of institutional IT policies, standards and guidelines.

The IT Policy Development and Administration Framework specifies the process for drafting new—or revising old—IT policies. The IT Council and IT Executive Committee have reviewed and approved the framework.

The U-M IT governance groups set campus-wide priorities for IT services, resources and facilities. Policies and standards and guidelines have different levels of final approval authority. Specifically:

IT Policy Development

Information technology policies articulate the university's vision, strategy, and principles as they relate to the use of information and information technology resources. IT policies interpret applicable laws and regulations and ensure that the policies are consistent with legal and contractual requirements. In addition, IT policies specify requirements and standards for the consistent use of IT resources across the university.

Information Assurance (IA) coordinates  university-wide, systematic IT policy initiative. This IT policy program will develop and maintain IT policies that are in step with emerging technologies and align with the university's mission. To support the IT policy development process, a detailed framework was adopted that:

  • Determines when to establish a policy, guideline or standard
  • Determines the criteria for what should be in a policy, guideline or standards
  • Creates a collaborative methodology for the drafting, approving, updating, and expiration of policies, standards, and guidelines
  • Documents and publishes policies, standards, and guidelines
  • Serves as a campus-wide resource to consistently interpret and arbitrate policies
  • Measures policy effectiveness and level of adoption

For More Information

For more information, to submit comments or feedback, or seek assistance with policy interpretation, contact Information Assurance (IA) via the ITS Service Center.