OUHSC Information Technology Department

Home  |  Online Help  |  Policies  |  Forms  |  Tier Ones

Information Security Risk Assessment:

Supporting documents: Full policy Adobe PDF File

All information system resources receiving, storing and/or transmitting sensitive data must have a product review completed.

Please use the form located at the bottom of the Technology Information Risk Assessment Process web page (http://it.ouhsc.edu/forms/productreview.asp) to start the Information Security Risk Assessment process.

The Information Security Risk Assessment will contain at a minimum: a complete description of the product, its functions and capabilities, interfaces with other systems and data, the method of interface, and all its inputs and outputs.

If any of the above change at any time during the Information Security Risk Assessment process and/or the product implementation, the Information Security Risk Assessment must be updated to reflect these changes and be resubmitted for review.

The Information Security Risk Assessment will then be performed by each of the affected OUHSC IT departments to determine if the resource is compatible with existing IT infrastructure and if it brings any new or additional risks to the OUHSC IT environment.

Each affected OUHSC IT department will document any identified risks created by the resource specific to the affected area(s) and any recommendations.  These recommendations will then be summarized into an overall analysis of the product and will include at a minimum the following:

  • Risk Assessment
  • Products in place at OUHSC performing the same role/task/function.
  • The products overall sensitivity rating and why.
  • Compatibility with current IT infrastructure.
  • Recommendations/conditions to consider for deployment. This may include submission of a project request to OUHSC IT.

An Information Security Risk Assessment does not imply consent or approval to purchase, develop, or deploy the product and the requesting department retains responsibility for ensuring this product is compliant with all applicable policies and regulations.