The IT Security Assessment Process identifies risks and explores the fitness of a planned implementation of a new product to be purchased or developed, a major upgrade, enhancement or the migration of an existing system. eTools, cloud services, network system connections and apps must also go through the IT Security Risk Assessment Process. This process involves multiple units, including UMIT Governance, Information Security and Compliance Team, IT Security Architecture Team, the Privacy Office and possibly the Office of the General Counsel and/or Purchasing.
Some applications, particularly those involving confidential/restricted Data may need to have security controls verified, such as by a penetration test or a vulnerability scan, requiring additional time and possible additional cost.
The instructions to fill the Security Assessment questionnaire are documented here.