OUHSC Information Technology Department


Home  |  Online Help  |  Policies  |  Forms  |  Tier Ones

Product Review:

Supporting documents: Full policy Adobe PDF File

All information system resources receiving, storing and/or transmitting sensitive data must have a product review completed.

Please use the form located at the bottom of the Technology Product Review Process web page (http://it.ouhsc.edu/forms/productreview.asp) to start the Product Review process.

The product review will contain at a minimum: a complete description of the product, its functions and capabilities, interfaces with other systems and data, the method of interface, and all its inputs and outputs.

If any of the above change at any time during the product review process and/or the product implementation, the product review must be updated to reflect these changes and be resubmitted for review.

The product review will then be performed by each of the affected OUHSC IT departments to determine if the resource is compatible with existing IT infrastructure and if it brings any new or additional risks to the OUHSC IT environment.

Each affected OUHSC IT department will document any identified risks created by the resource specific to the affected area(s) and any recommendations.  These recommendations will then be summarized into an overall analysis of the product and will include at a minimum the following:

  • Risk Assessment
  • Products in place at OUHSC performing the same role/task/function.
  • The products overall sensitivity rating and why.
  • Compatibility with current IT infrastructure.
  • Recommendations/conditions to consider for deployment. This may include submission of a project request to OUHSC IT.

A product review does not imply consent or approval to purchase, develop, or deploy the product and the requesting department retains responsibility for ensuring this product is compliant with all applicable policies and regulations.