Risk Assessments are performed on information systems, including but not limited to,
- Hardware, software, some network connections
- Services (new or existing) products
- Renewal, migration, upgrades, enhancements of a pre-existing system or environment
- Tools, cloud services, applications
Each new submission for risk assessment or “intake” is reviewed for the following criteria: security, privacy, and alignment with the university’s technology goals. This process involves multiple units, including the Information Security Office, the Privacy Office, the Office of the General Counsel, and Procurement Services. In general, it will take 24 hours for a determination to be made by the departments involved with regards to the next steps for your request.
Please note, the renewal of an existing license or service will be approved for purchase upon completion of the intake form.
Risk Assessments require a description of the project and a data classification level identified. The Risk Assessment should be completed by someone with extensive knowledge of the information system and/or the products to be purchased.
To begin the process, access UF’s IT Risk Management System and click the “Submit an Intake” button to get started. If you do not have a GatorLink username and password please send an email to CISO-ISR@mail.ufl.edu.
If, based on the information supplied in the intake, a full risk assessment is required, the process may take between two and 12 weeks to complete. The established process is based on many factors, and designed to meet all university policies, Board of Governors policies, Florida Statutes, and comply with federal laws.