A risk assessment identifies potential hazards that could negatively impact normal business operations. Hazards can range from hurricanes or fires to utility outages or cyberattacks. The risk assessment looks for specific vulnerabilities that put assets such as people or data at risk. Each conceivable hazard is analyzed for probability and severity, and strategies and control measures are developed as part of a remediation plan to minimize risk for various scenarios.
University units are required to perform a comprehensive risk assessment every three years. As technology advances and the world changes, the risk landscape is a moving target. The practice of regular review will refine existing response strategies and identify novel risks.
Instructions
Download the Risk Assessment Survey
Fill in the Unit Information tab
Complete the Risk Assessment tab using the instructions below
Submit an encrypted copy of the file to risk@fsu.edu
Risk Assessment Survey
- For each Yes answer, include a statement in the Current Status column that explains how the unit meets the criteria
- For each No or Partial answer, one of the following risk mitigation strategies must be prepared and designated in the Mitigation Plan column
- Avoid | change plans to circumvent the problem
- Control/Mitigate/Modify/Reduce | reduce threat impact and/or likelihood through intermediate steps
- Accept/Retain | assume the chance of the negative impact to the unit or university
- Transfer/Share | outsource risk or a portion of the risk to a third party to manage the outcome (e.g., insurance contracts, hedging transactions)
- For each Does Not Apply answer, include a statement in the Current Status column that explains why the control does not apply to the unit’s operational environment
Resources
Risk Assessment
Contact ITS for assistance with a risk assessment and customized mitigation plan
Risk Assessment Survey
Worksheet for risk self-assessment survey based on Center for Internet Security controls
Third Party Risk Self-Assessment
Third party risk self-assessment survey for vendors who have not obtained and provided a current SOC II report
Support
If you have questions or need assistance with Risk Assessment, please contact ITS at risk@fsu.edu.
