Security improves risk assessment process
Toward that end, the Information Security Office enhanced the risk assessment process during the fiscal year. The group:
- Developed a standard set of security questions, based on industry standards, to determine if a vendor’s security controls are adequate to protect University data and meet regulatory requirements.
- Developed a timeline that more clearly defines the various stages of the assessment process and puts limits on the amount of time allocated to each phase. This will help the group stay on track, especially when working with vendors to gather information.
- Created a benchmark for each type of assessment to simplify decisions based on clear and consistent criteria.
Process improvement is an ongoing effort, said Mel Radcliffe, IT Security Specialist with Information Security. With these changes and others being planned, the Risk Team is working toward improving the customer experience and reducing risk while enabling the University to conduct its business.
Key Partner(s): Privacy Office, Research Computing