Information Technology Policies Under Review

IT policies and standards are regularly reviewed and updated as needed, in accordance with Development of University Policy (SPG 601.35), the Procedures for Development of University Policy, and the IT Policy Development and Administration Framework.

The IT policies and standards below are currently under revision or development. Drafts, where available, are open for review. Members of the university community are welcome to provide feedback at [email protected].

Policies and Standards Under Review

Secure Coding and Application Security (DS-18)

Recently Updated Policies and Standards

Vulnerability Management (DS-21)

  • The Vulnerability Management (DS-21) standard was revised to introduce a requirement to implement the enterprise vulnerability management service on UM-owned devices, update vulnerability prioritization, establish an exception process, and refresh guidance. See the revision draft for details (U-M login required).
  • UPDATE DATE: July 1, 2026.

Security of Personally Owned Devices that Access or Maintain Sensitive University Data (SPG 601.33)