The mission of the Information Security Office is to safeguard the confidentiality, integrity, and availability of information systems by providing proactive security expertise, creating and maintaining a robust security architecture and fostering a culture of security awareness throughout the campus.

Information Security Office:
Security Assurance & Compliance
The Security Compliance and Quality Control unit is responsible for creating institutional awareness about and adherence to IT security policies, procedures, and best practices, ensuring compliance with regulatory standards such as PCI, FERPA, GLBA, Red Flag, HIPAA, and FISMA, and conducting IT security assurance audits to validate the effectiveness of existing controls. This unit develops enterprise-wide IT security policies and standard operating procedures that address the regulatory and data protection needs of the University.
Enterprise Security Architecture & Operations
The Enterprise Security Architecture and Operations unit is primarily responsible for establishing UM’s institutional IT security strategy, managing the existing security infrastructure, planning and prioritizing IT security investments, incident response, monitoring, forensic investigations, and vulnerability remediation. This unit has an important long-term planning and capital budgeting function, guides disaster recovery and business continuity efforts, and intervenes to minimize or prevent business disruption from security threats. Operationally, this unit establishes the configurations, settings and rules for security appliances such as firewalls and intrusion detection systems.
Quality Control
The Quality Control unit is responsible for guiding and coaching system teams in validating computerized systems used in clinical research trials to FDA standards. The main duties include directing validation projects and documentation packages for multiple clinical trial and medical management systems, ensuring system compliance to UM Quality Assurance standards, FDA regulations, and other related external and internal requirements, and developing departmental standard operating procedures and work instructions as needed for performing system validation work.