What connections keep your unit running?

January 6, 2023  //  FOUND IN: Updates & Resources,

Approximately a 3-minute read

Key takeaways:

  • Information Assurance will be partnering with colleagues to create an inventory of the organization’s Digital Critical Assets.
  • The work will begin with pilot units before covering the entire organization.
  • The aim is to limit risk and keep Michigan Medicine as cybersecure as possible.

In support of the organization’s mission and goal of ransomware readiness, Information Assurance is partnering with critical business units to create a transparent and comprehensive inventory of Digital Critical Assets (DCA).

This partnership will include a defined process which begins with IA reaching out to business owner and subject matter experts (SMEs).

This effort will include both identification of initial inventory and an operational process to facilitate the ongoing identification, collection and management of Digital Critical Assets to ensure accuracy and completeness.

What are Digital Critical Assets?

DCA’s are critically-important data, software, and systems required to maintain some of the organization’s most important functions. In short, it is anything digital that is critical to keeping Michigan Medicine running on a daily basis.

Maintaining an accurate inventory of DCAs supports the strategic direction of proactively managing risks to mission-critical services. An accurate inventory also allows for the prioritization and remediation of risk that may impact operations and keeps everything as cybersecure as possible.  

Benefits

  • Helps identify single points of failure
  • Creates an online inventory database of Digital Critical Assets within ServiceNow
  • Supports Continuity of Operations (COOP) and Information System Contingency Plan (ISCP) planning

Who will be impacted by the project?

While everyone may have a role to play in the IA project, the following groups may be leaned on more heavily: administrative directors / business managers; SMEs (e.g., clinical director, administrative director, nursing director, medical director); others with specific critical business function expertise; and trusted service providers. 

Project stages

Here is the planned rundown of the upcoming project:

  • A sample selection of pilot business units will be identified for initial interviews. 
  • Digital Critical Asset discovery will be carried out within pilot business units. 
    • The IA Cybersecurity and Risk Management Continuity & Resiliency team will meet/interview pilot participants 
    • Asset data will be gathered and reviewed by the IA team and validated with the business owner 
  • Data is entered into ServiceNow inventory database and identified as Digital Critical Assets. 
  • IA will guide a sample set of business units through the inventory operational process and adjust the process as needed based on feedback. 
  • A final Digital Critical Asset process is operationalized for rollout to remaining Michigan Medicine business units.
  • The project will end when processes are operationalized. 

For more information, email ia-mm-criticalasset-project@med.umich.edu or refer to KB article KB0020761.

RELATED STORIES