General Information Technology Policies

Learn More About U-M Compliance

Laws and Regulations

Information Security Laws and Regulations require the university to apply certain security safeguards around sensitive institutional data at specific data classification levels. Industry standards, such as those that apply to credit card payments, create additional requirements.

Policies and Standards

University policies support institutional compliance with laws, regulations, and industry standards. They are housed in the U-M Standard Practice Guide (SPG) and go through an extensive and lengthy review process. Final approval for new policies and revisions to existing ones rests with the university's executive officers.

IT standards provide more detailed guidance for implementing university policies. They are generally associated with and support a specific policy. They fall into two categories: data security (DS) and data management (DM). Final approval for IT standards rests with the university vice president for information technology and chief information officer. These are typically updated more frequently than are university policies.

Responsible Use

Responsible use policies stipulate the principles, rules, standards of conduct, and practices that members of the university community agree to comply with as a condition of being provided access to U-M information networks and resources.

The U-M Statement on Stewardship outlines the fundamental responsibilities of every member of the university community in their functioning as a steward of university resources, including information resources.

Information Security

Information security policies and standards deal with how the university protects its information technology assets and institutional sensitive data while complying with all relevant laws and regulations.


Privacy policies and standards express the university’s commitment to maintain the privacy and confidentiality of personal information given to it, whether from students, faculty, staff, patients, customers, alumni, donors, or visitors. These policies state the conditions under which U-M maintains, stores, or discloses personal information and complies with privacy laws and regulations.

Data Management

Data management policies and standards reflect the current data governance structure at U-M. are concerned with the end-to-end lifecycle of all institutional data, and most importantly support the access by appropriate and authorized members of the university community to trustworthy and reliable institutional data when and where it is needed.

Information Technology System Standards

System standards help ensure that the university is consistently applying technical processes and protocols that reflect current industry best practices. System standards carry the weight of policy and are housed in the U-M Standard Practice Guide (SPG).

Other U-M Policies with IT-Related Provisions