Skip to main content

Security improves risk assessment process

The Risk Team within the Information Security Office continues to look for ways to streamline the risk assessment process and more effectively balance security controls against business needs. Members of the Risk Team also strive to improve the customer experience when they engage in a risk assessment.






Toward that end, the Information Security Office enhanced the risk assessment process during the fiscal year. The group:

  • Developed a standard set of security questions, based on industry standards, to determine if a vendor’s security controls are adequate to protect University data and meet regulatory requirements.
  • Developed a timeline that more clearly defines the various stages of the assessment process and puts limits on the amount of time allocated to each phase. This will help the group stay on track, especially when working with vendors in gathering information.
  • Created a benchmark for each type of assessment to simplify decisions based on clear and consistent criteria.

Mel Radcliffe

Process improvement is an ongoing effort, said Mel Radcliffe, IT Security Specialist with Information Security. With these changes and others being planned, the Risk Team is working toward improving the customer experience and reducing risk while enabling the University to conduct its business.

Key Partner(s): Privacy Office, Research Computing
Comments are closed.