Profile

Good Evening, Since Jay will be vacationing next week Wendy and I will be facilitating the meeting next Tuesday Dec 18th. Here are the current agenda topics: 800-171 r3 updates Educause Comment documentation update Future Agenda Topics Parking lot priorities ...

Nathan, Like UArizona, UMich follows the guidance in NIST SP 800-60. We found that 4 classifications work better in our environment. Low, Moderate, High and Restricted and they apply to both research and institutional data. Our data classification structure is available publicly at U-M Data ...

Educause is actively seeking feedback on the final public draft of version 800-171r3. We've organized a working group, dedicated to forming commentaries and incorporating community perspectives, in time for the January 12th deadline. As we are currently in the comments creation stage, we welcome the ...

Greg, I believe this will become more common, two years ago the University of Michigan, Ross business school had to deal with GDPR in the opposite direction. I helped the unit answer GDPR questions to show that they could honor the request and requirements of having Eurozone students attend a semester ...

The University of Michigan requires BAAs for data that will be handling PHI in alignment with our data classification system governance. Our health system requires users to use the Health system version of MS office 365 and they use Microsoft exchange, outlook, and MS calendar so I assume they have BAAs ...

Matt, Please keep in mind that the way this works at UM is we have university-wide policies - standard practice guide, In those SPGs we have a subset of policies that apply to IT, from there we have our IT / Data Security standards which are listed on the link provided. From the standards, ITS creates ...