The mission of the Information Security Office is to safeguard the confidentiality, integrity, and availability of information systems by providing proactive security expertise, creating and maintaining a robust security architecture and fostering a culture of security awareness throughout the campus.
Information Security Office:
- Security Compliance
- The Security Compliance unit is responsible for creating institutional awareness about and adherence to IT security policies, procedures, and best practices, ensuring compliance with regulatory standards such as PCI, FERPA, GLBA, Red Flag, HIPAA, and FISMA, and conducting IT security assurance audits to validate the effectiveness of existing controls.
- Enterprise Security Architecture
- The Enterprise Security Architecture and Operations unit is primarily responsible for establishing UM’s institutional IT security strategy, managing the existing security infrastructure, planning and prioritizing IT security investments, incident response, monitoring, forensic investigations, and vulnerability remediation.
- Quality Control
- The Quality Control unit is responsible for guiding and coaching system teams in validating computerized systems used in clinical research trials to FDA standards.