Information Security Reports
Highlights
The focus of the IT Security Program, which applies to all University campuses, is to protect the information and the information technology resources of the University. Information and Infrastructure Assurance (IIA), a unit of ITS, leads and coordinates the overall program, while schools, colleges, and central units are responsible for implementing unit-level security measures to mitigate risks and to comply with information security policies and regulations.
The information security reports provide units with:
- A high-level overview of the University-wide IT Security Program
- A snapshot of a unit’s progress in implementing required security measures and processes
The IT Security Program Overview provides information about the overall IT security program, the strategies and policies for implementing the program, and program accomplishments.
The Unit-Level Security report provides each unit with an annual snapshot of its progress in implementing the IT security program and becoming compliant with the University's Information Security policy. With it, you can:
- View metrics reflecting your compliance with the information security policy compared to other units (updated annually)
- View additional information reflecting various characteristics of your unit relative to other units (updated annually)
The overall compliance score (0 - 6) of a given unit reflects the following key indicators:
- Progress Report – Has your unit completed the annual security progress report? (yes=2; partially=1; no=0)
- Certification Response – What was your unit’s response to the internal controls certification question about IT security last year? (yes=2; partially=1; no=0)
Note: For more information about the IT security certification question, please see https://www.safecomputing.umich.edu/itprof/security_cert_question.php (authorization required)
- Risk Assessment Progress – Is your unit on track to complete its security risk assessments within a four-year cycle? (yes=2; partially=1; no=0).
Note: Units are expected to complete all security risk assessments around their sensitive and critical information assets within a four-year cycle.
- Cycle #2: July 1, 2010 through June 30, 2014
Data Sources
The data used in the Information Security reports comes from the following sources:
- Progress Report Status – Unit characteristics data provided annually (in November) by units to IIA
- Certification Response – Internal Controls Certification Process conducted annually in September
- Risk Assessment Progress – Completed risk assessments provided to IIA by the end of the fiscal year
Access Details
Who needs access?
The overview report is available to deans, directors, budget administrators, security unit liaisons and the IIA Council. The unit-level report is available to the same audiences. However, unit-level security is implemented so that individuals can only view their own unit reports.
How do I request access?
There is no auto-granted access to these reports. Users with a business need can request access through their security unit liaison. See a list of liaisons at https://www.safecomputing.umich.edu/download/Security UL List.pdf. The security unit liaison should contact ITS/IIA at firstname.lastname@example.org to process the request.
What can users see?
When you first view the Information Security tab, you can choose the Overview report or Department Reports from the left-hand navigation menu. When you choose Department Reports, the report shows the unit that you have been authorized to view.
| Indicator | Data source |
|---|---|
| Progress Report Status | Unit characteristics data provided annually (in November) by units to ITS/IIA |
| Certification Response | Internal Controls Certification Process conducted annually in September |
| Risk Assessment Progress | Completed risk assessments provided to ITS/IIA by the end of the fiscal year |
Additional information about the IT Security Program is available at: