OUHSC Information Technology Department


Home  |  Online Help  |  Policies  |  Forms  |  Tier Ones


Information Security Risk and Information Security Knowledge (R.I.S.K.)

Risk Assessment Process

Information Security R.I.S.K. Program
As part of the OUHSC Information Security R.I.S.K. program all information system resources must undergo a risk assessment process to properly identify risks and determine appropriate responses and controls.The level of this assessment will be determined by the classification of the information system resource and its data.

Product Review Policy
All information system resources receiving, storing and/or transmitting University data must have a Product Review completed by OUHSC IT to identify risks and necessary regulatory controls.  Information System Product Review Policy

Review Criteria
Information Technology will review technology products for compatibility, interoperability and compliance with security and other requirements.  Depending upon system type and classification, the review process may be relevant for products that are in production, development, acquisition, or revision. This could include asking an external service provider to respond to an OUHSC Information Security questionnaire or asking the IS Administrator to respond to an OUHSC Information Security questionnaire.

Please be prepared to answer questions regarding the following, as it pertains to technology purchases:

  • The Information System components involved (servers, workstations, laptops, websites, etc.)
  • Network connectivity requirements (outbound internet access, inbound internet access, e-mail, etc.)
  • Business Unit Roles & Responsibilities (Please refer to Business Unit Roles and Responsibilities Policy)
  • Data control and sharing

The OUHSC Information Security Risk Assessment Questionnaires can be located by clicking the links below:

After submitting your request, IT Security will schedule a conference call to discuss the nature of your request and to provide any Information Security recommendations identified as part of the assessment. IT IS CRITICAL TO HELP IT SECURITY BRING ALL INVOLVED PARTIES TOGETHER TO DISCUSS PRODUCT REVIEW REQUESTS.

Terms and Conditions
Please note that the Terms and Conditions of any technology purchase must be approved by Purchasing and/or Legal prior to the purchase.

***NOTE***The Information Security Risk Assessment process does not constitute an approval or authorization to purchase a reviewed product. State of Oklahoma and University purchasing rules still apply.

New instructions for the Information Technology Product Review process:

The review begins in and is controlled by the automated system used by HSC Information Technology to manage requests.

The first step in the process is to login to Service Now by visiting the http://ServiceNowLoginPage. You will be re-directed to the HSC Information Technology self-service system where you can sign in using your normal OUHSC UserID and Password

After logging in, go to http://it.ouhsc.edu/servicecatalog.

When prompted to select a campus, select Oklahoma City.

Select Product Review in the Professional Services section.

 

Read the information in the top portion if you are unfamiliar with the process. Some of the data will already be filled in for you, such as your UserID, Department, and Campus phone number. Complete the Product Review request form with as much detail as possible. Providing as much information as possible when the item is first sumbitted for review will expidite the request.

 

When the form is complete click on the ORDER NOW button in the top-right portion of the webpage to submit the item for review.

After you have chosen the Order Now button you may log out of the IT self-service system.

You will receive an email from ouhsc@service-now.com for each item you have requested for review. Please use the request numbers provided in this email if you have to ask for further assistance from IT.

When the Review process is complete, you will also recieve another email informing you of the completion of the review and providing you with a link to the complete review, including both the information you submitted and any Inforamation Technology feedback or recommendations. It is this information that may be requested by Purchasing prior to any order being placed.

Revised on 10/28/2014 to update the ServiceNow URL and provide updated screenshots of the request process.

Revised on 12/11/2014 to remove the link to the MS Word request form since the form has moved to ServiceNow.

Revised on 05/16/2017 to add links to OUHSC Risk Assessment Questionnaires.