Security and Risk Assessment Process


As part of the evaluation and procurement process for new services and applications, a review of the security, privacy, and risk is required to ensure the security of University data and systems.


Step 1 - Review the list of previously reviewed and approved applications and services. If an application or service on the list will meet your needs, contact Information Security ( to ensure that your usage will align with the previous approval, as the use of solutions on this list are approved on a per-project basis. 


Step 2 - Understand the data classification of the information being stored, processed, or utilized within the application or service. Refer to the Data Storage Guidelines for more information on data classifications. 


Step 3 - If this is a new application or service not in the approved list, submit the following documentation to Information Security (


Step 3 - Once received, the Information Security team will create a Footprints ticket for tracking and will review the provided information. You will be contacted regarding approval or with additional questions as required.



CCS Information Security
Last Updated: October 25, 2023

File attachments

© 2005 - 2024 ProProfs