Technology Risk Assessment Process
This article applies to: Security Risk Assessment
We recommend that you still submit a TRA request. This can help you identify risks that need to be addressed in your deployment and implementation of the software.
|Action||Description||Usual time needed|
|Complete a request form||Fill out a new request using the form on the ITSO’s SharePoint site.||Two to 10 minutes|
If your answers indicate a TRA is not required, you will be sent an email immediately that provides official notification that what you are purchasing does not require a TRA and the procurement of the product can proceed. Otherwise, a manager may review the request (usually within two business days). If the manager determines a TRA is not required, you will receive an email with that decision. That email would also serve as official notification to proceed with procurement.
|Immediate for clearly non-required cases. Two days when review is needed.|
|ITSO engineer conducts assessment||When an ITSO manager determines a TRA is required, a Security Engineer will be assigned to work on the TRA, usually within two business days.||Two to three weeks.|
|Submit purchase||Attach the approval to proceed and/or the TRA Report document to the “I Want” document when you submit for purchasing.|