Information Security Risk and Information Security Knowledge (R.I.S.K.)
Risk Assessment Process
Information Security R.I.S.K. Program
As part of the OUHSC Information Security R.I.S.K. program all information system resources must undergo a risk assessment process to properly identify risks and determine appropriate responses and controls.The level of this assessment will be determined by the classification of the information system resource and its data.
Product Review Policy
All information system resources receiving, storing and/or transmitting University data must have a Product Review completed by OUHSC IT to identify risks and necessary regulatory controls. Information System Product Review Policy
All OUHSC Risk Assessments (Product Reviews), must supply pertinent information regarding the security capabilities of the requested product. This information is captured in the OUHSC Information Security Risk Assessment questionnaire.
ROWS 8-38 will automatically determine the classification of the request and determine what security questions must be answered. Please pay careful attention and respond accurately to these questions.
The OUHSC Information Security Risk Assessment Questionnaires can be located by clicking the links below:
***NOTE***The Information Security Risk Assessment process does not constitute an approval or authorization to purchase a reviewed product. State of Oklahoma and University purchasing rules still apply.
New instructions for the Information Technology Product Review process:
The review begins in and is controlled by the automated system used by HSC Information Technology to manage requests.
The first step in the process is to login to Service Now by visiting the http://ServiceNowLoginPage. You will be re-directed to the HSC Information Technology self-service system where you can sign in using your normal OUHSC UserID and Password
After logging in, go to http://it.ouhsc.edu/servicecatalog.
When prompted to select a campus, select Oklahoma City.
Select Product Review in the Professional Services section.
Read the information in the top portion if you are unfamiliar with the process. Some of the data will already be filled in for you, such as your UserID, Department, and Campus phone number. Complete the Product Review request form with as much detail as possible. Providing as much information as possible when the item is first sumbitted for review will expidite the request.
When the form is complete click on the ORDER NOW button in the top-right portion of the webpage to submit the item for review.
After you have chosen the Order Now button you may log out of the IT self-service system.
You will receive an email from firstname.lastname@example.org for each item you have requested for review. Please use the request numbers provided in this email if you have to ask for further assistance from IT.
When the Review process is complete, you will also recieve another email informing you of the completion of the review and providing you with a link to the complete review, including both the information you submitted and any Inforamation Technology feedback or recommendations. It is this information that may be requested by Purchasing prior to any order being placed.
After submitting your request, IT Security will schedule a conference call to discuss the nature of your request and to provide any Information Security recommendations identified as part of the assessment. IT IS CRITICAL TO HELP IT SECURITY BRING ALL INVOLVED PARTIES TOGETHER TO DISCUSS PRODUCT REVIEW REQUESTS.
Revised on 10/28/2014 to update the ServiceNow URL and provide updated screenshots of the request process.
Revised on 12/11/2014 to remove the link to the MS Word request form since the form has moved to ServiceNow.
Revised on 05/16/2017 to add links to OUHSC Risk Assessment Questionnaires.
Reviews on 07/17/2017 to update Review Criteria.