Risk Assessments are performed on information systems, including but not limited to,
- Hardware, software, some network connections
- Services (new or existing) products
- Renewal, migration, upgrades, enhancements of a pre-existing system or environment
- Tools, cloud services, applications
Each new submission for risk assessment or “Request” is reviewed for the following criteria: security, privacy, and alignment with the university’s technology goals. This process involves multiple units, including the Information Security Office, the Privacy Office, the Office of the General Counsel, and Procurement Services. In general, it will take two business days for a determination to be made by the departments involved with regards to the next steps for your Request.
Risk Assessments require a description of the project and a data classification level identified. The Risk Assessment should be completed by someone with extensive knowledge of the information system and/or the products to be purchased.
To begin the process, access UF’s Integrated Risk Management System and click the “Submit Request Here” button to get started. If you do not have a GatorLink username and password, please contact your Department Security Administrator.
It is suggested that everyone using the Integrated Risk Management System complete the brief online Integrated Risk Management System training course UF_ITT104_OLT.
If, based on the information supplied in the Request, a full risk assessment is required, the process may take between 2 and 12 weeks to complete. The established process is based on many factors, and designed to meet all university policies, Board of Governors policies, Florida Statutes, and comply with federal laws.
Access the UF Integrated Risk Management System
*Note: The UF Integrated Risk Management system is internal to the UF network. If you are connecting remotely, you will need to utilize the UF VPN client.
To report an access issue to the UF Integrated Risk Management system, please email UFRM Change Control.