This service is a risk assessment methodology developed for use at U-M. - RECON assessments are part of U-M's ongoing Information Security Risk Management process. - Information Security (SPG 601.27) requires every unit to periodically conduct RECONs. - Information Security Risk Management (DS-13) defines which systems must be assessed, the frequency of those assessments, and who must perform the RECON.