Risk Assessments are performed on information systems, including but not limited to,
- Hardware, software, some network connections
- Services (new or existing) products
- Renewal, migration, upgrades, enhancements of a pre-existing system or environment
- Tools, cloud services, applications
Each new submission for risk assessment or “Request” is reviewed for the following criteria: security, privacy, and alignment with the university’s technology goals. This process involves multiple units, including the Information Security Office, the Privacy Office, the Office of the General Counsel, and Procurement Services. In general, it will take two business days for a determination to be made by the departments involved with regards to the next steps for your Request.
Risk Assessments require a description of the project and a data classification level identified. The Risk Assessment should be completed by someone with extensive knowledge of the information system and/or the products to be purchased.
To begin the process, access UF’s Risk Management System and click the “Begin Here” button to get started. If you do not have a GatorLink username and password, please contact your Department Security Administrator.
If, based on the information supplied in the Request, a full risk assessment is required, the process may take between 2 and 12 weeks to complete. The established process is based on many factors, and designed to meet all university policies, Board of Governors policies, Florida Statutes, and comply with federal laws.
To report an access issue to the UF Risk Management System, please log a UFIT service request UFIT Service Portal.