Skip to main content

Cornell University

Technology Risk Assessment Process

If you've already purchased... We recommend that you still submit a TRA request. This can help you identify risks that need to be addressed in your deployment and implementation of the software.
Action Description Usual time needed
Complete a request form Fill out a new request using the form in TeamDynamix. Two to 10 minutes
ITSO review

If your answers indicate a TRA is not required, you will be sent an email immediately that provides official notification that what you are purchasing does not require a TRA and the procurement of the product can proceed. Otherwise, a manager may review the request (usually within two business days). If the manager determines a TRA is not required, you will receive an email with that decision. That email would also serve as official notification to proceed with procurement.  

Immediate for clearly non-required cases. Two days when review is needed.
ITSO engineer conducts assessment When an ITSO manager determines a TRA is required, a Security Engineer will be assigned to work on the TRA, usually within two business days.   Two to three weeks.
Submit purchase Attach the approval to proceed and/or the TRA Report document to the “I Want” document when you submit for purchasing.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.