Risk Requests and Assessments

You'll be in contact with your ISM throughout the Risk Request process. If you're unsure who your ISM is, you can find them via the link below.

Find Your Leadership

Once you've identified a technology you want to work with, fill out the form at the link below to start the Risk Review process.

Submit a Request

What is a Request?

Risk Requests are performed on information systems, including but not limited to:

Hardware, software, some network connections
Services (new or existing)
Renewal, migration, upgrades, enhancements of a pre-existing system or environment
Tools, cloud services, applications

Each new Request is reviewed for the following criteria: security, privacy, and alignment with the university’s technology goals. This process involves multiple units, including the Information Security Office, the Privacy Office, the Office of the General Counsel, and Procurement Services. In general, it will take two business days for a determination to be made by the departments involved with regards to the next steps for your Request.

Risk Requests require a description of the project and a data classification level identified. The Risk Requests should be completed by someone with extensive knowledge of the information system and/or the products to be purchased.

If, based on the information supplied in the Request, a full Risk Assessment is required, the process may take between 2 and 12 weeks to complete. The established process is based on many factors and is designed to ensure the requested system complies with all university policies, Board of Governors policies, Florida Statutes and federal laws.

Getting Started

To begin the process, visit the Submit a Request form and fill out the fields. Once you submit the form, you will receive an email containing a tracking ID that you can use to check on the status of your Request.