IRM FAQs
There are five total steps in the risk assessment process if your project is determined to need a more thorough review. A high-level overview of each step is listed below:
Step 1 – Request: The initial request form is submitted.
Step 2 – ISM Review: The requestor’s ISM performs an initial review to determine the following:
- What other administrative and compliance offices need to be involved in the review process?
- Can the risk assessment be “fast-tracked”?
Step 3 – ISM Categorization: Your ISM provides details about the implementation of your project. They may contact you if they need additional information.
Step 4 – Risk Analysis: The ISO reviews your project.
Step 5 – Assessment Complete: The risk assessment is complete.
No. If you are purchasing or using technology that fits one of the Fast Path Solutions listed, and you follow the use guidelines of that solution presented on the IRM website, you do not need to submit a request form for a full assessment.
Note: If you are using the technology for a data type other than what is laid out in the guidelines, you are required to submit a request for risk assessment at https://security.ufl.edu/submit-a-request/
If your request needs to undergo a full risk assessment, here are some tips for expediting the process:
- Work closely with your department’s Information Security Manager (ISM). Your ISM is trained on the risk assessment process, and they will work with you to complete it. Search for your department ISM using this link:
- Try to respond as quickly as possible when your ISM reaches out for information. Depending on your scope of work, the risk assessment process can include up to four steps, and each step includes a set of questions that must be answered. Your ISM may need additional information from you to complete the steps.
- Contact IRM with any questions or concerns before and during the assessment.