The importance of IT policies and how they protect the university

October 12, 2022  //  FOUND IN: Updates & Resources

Cybersecurity is the safeguarding of networks, computer systems and sensitive information. 

Technology, policies and processes, and behaviors are components that make up cybersecurity. 

Policies are a way for organizations to communicate how their employees should handle circumstances and operate technology. It’s essential to understand and be knowledgeable about the policies that affect your daily activities. 

The U-M Standard Practice Guides (SPGs) are universitywide policies. They apply to the whole institution. 

Some units may create additional policies and procedures to follow, but they must remain consistent with the SPGs. 

Data Security Standards (DS) offer detailed guidance for applying university policies. Information Security (SPG 601.27) is a great place to learn about data types and their protection.

Michigan Medicine policies are derived from the larger U-M frameworks. These policies provide additional restrictions and specificity — and are designed to address the unique health care environment of Michigan Medicine. 

To learn more about Michigan Medicine’s policies, including IT-related policies, visit PolicyStat.

A new IT policy, the Information Security Discipline Policy, was published over the summer. This new policy is an extension of Violations of Privacy or Security of Protected Health Information (PHI) or Other Sensitive Information for All Michigan Medicine Workforce Policy, 01-04-390. These policies will ensure internal incidents (intentional or accidental) violating IT security policies, systems, networks and services are handled appropriately.

Remember, cyber safety doesn’t require you to be an expert in IT. 

Familiarize yourself with U-M and Michigan Medicine IT policies, data standards and best practices. Adherence to IT policy is another key piece in the cyber safety puzzle.