A risk assessment identifies potential hazards that could negatively impact normal business operations. Hazards can range from hurricanes or fires to utility outages or cyberattacks. The risk assessment looks for specific vulnerabilities that put assets such as people or data at risk. Each conceivable hazard is analyzed for probability and severity, and strategies and control measures are developed as part of a remediation plan to minimize risk for various scenarios.
University units are required to perform a comprehensive risk assessment every three years. As technology advances and the world changes, the risk landscape is a moving target. The practice of regular review will refine existing response strategies and identify novel risks.
Please follow the steps below to complete the risk assessment:
- Access the Risk Assessment Survey
- Complete Step #1 under the name of the participating units
- Complete the risk assessment contained in Step #2
- For each “Yes” answer, include a statement in the Current Status column that explains how the unit meets the criteria
- For each "No" or "Partial" answer, it is critical that the unit prepares a risk mitigation strategy. Broadly, there are four potential responses to risk. Units should designate one of these risk mitigation strategies with a short reason for choosing a particular response in the Mitigation Plan column:
- Avoid | change plans to circumvent the problem
- Control/Mitigate/Modify/Reduce | reduce threat impact or likelihood (or both) through intermediate steps
- Accept/Retain | assume the chance of the negative impact to the unit or university; or
- Transfer/Share | outsource risk or a portion of the risk to a third party or parties that can manage the outcome; this is done financially through insurance contracts or hedging transactions, or operationally through outsourcing an activity
- For each “Does Not Apply” answer, include a statement in the Current Status column that explains why the control does not apply to the unit’s operational environment
- Upon completion, submit an encrypted copy of the risk assessment only to email@example.com (do not include copies of inventory spreadsheets or other supporting documents)
Risk assessment training is available to all university units. Please check back for training dates and times in early 2021.
|Coming Soon||Coming Soon||Coming Soon|
Risk Assessment Support Team
The ITS Security team is here to assist you. To submit your questions or feedback reach out to us via firstname.lastname@example.org.