Risk Requests and Assessments


What is a Request?
Risk Requests are performed on information systems, including but not limited to:
- Hardware, software, some network connections
- Services (new or existing)
- Renewal, migration, upgrades, enhancements of a pre-existing system or environment
- Tools, cloud services, applications
Each new Request is reviewed for the following criteria: security, privacy, and alignment with the university’s technology goals. This process involves multiple units, including the Information Security Office, the Privacy Office, the Office of the General Counsel, and Procurement Services. In general, it will take two business days for a determination to be made by the departments involved with regards to the next steps for your Request.
Risk Requests require a description of the project and a data classification level identified. The Risk Requests should be completed by someone with extensive knowledge of the information system and/or the products to be purchased.
If, based on the information supplied in the Request, a full Risk Assessment is required, the process may take between 2 and 12 weeks to complete. The established process is based on many factors and is designed to ensure the requested system complies with all university policies, Board of Governors policies, Florida Statutes and federal laws.
Getting Started
To begin the process, visit the Submit a Request form and fill out the fields. Once you submit the form, you will receive an email containing a tracking ID that you can use to check on the status of your Request.