Michigan

In plain terms. Michigan centralizes state IT and security in the Department of Technology, Management, and Budget, under a state CIO.

Who it applies to. State agencies and their IT vendors. The state participates in StateRAMP, its baseline for vetting cloud-service security.

What it requires. State law establishes the Chief Information Officer, created the Department of Information Technology (now within DTMB), and governs state automated information processing.

Why it matters. Vendors selling IT to Michigan operate under DTMB's centralized IT authority and data-privacy policy.

Citation. Mich. Comp. Laws §§ 18.230 (Chief Information Officer), 18.41 (Creation of the Department of Information Technology), and 18.1203 (State Automated Information Processing).

In plain terms. Michigan's vendor expectations come through enterprise IT and data-privacy policy.

Who it applies to. State agencies and their IT vendors.

What it requires. The enterprise information-technology policy and the data-privacy policy set the security and privacy requirements agencies — and the vendors serving them — must follow.

Why it matters. Expect Michigan's enterprise IT and data-privacy policies to govern how you handle state systems and data.

Citation. Mich. Admin. Guide Policy 1305.00 (Enterprise Information Technology Policy) and Policy 2610.01 (Data Privacy).