The Role of Cornell Procurement in TRAs
This article applies to: Security Risk Assessment
Good Stewardship of University Resources
In general, Procurement and Payments is responsible for assisting all buyers in expediting their purchase and ensuring that all purchases conform to University Policy 3.25, Procurement of Goods and Services, applicable laws and procurement good practice.
You are expected to have a TRA completed ahead of time and the document (or ITSO recommendation to proceed) is attached to your purchase order. If you submit a purchase order for software or other technology that purchasing believes should receive a TRA, you may be referred to the ITSO and asked to submit a TRA request.
Contracts and TRA Risks
If a TRA identifies risks that for which a vendor ought to be accountable and/or identifies action a vendor ought to take, Cornell’s purchasing and legal departments can provide the professional assistance needed to make sure that these are properly addressed in the contract. This can help protect the university and the unit making the purchase in the event that harms associated with a risk are realized.