Policy information: IT-12 Risk Assessment (RA) Standard
Status: In review
Date of Last Review/Update: 4/12/24 draft
Responsible University Office: University Information Policy Office
Responsible University Administrator:Office of the Vice President for Information Technology and Chief Information Officer
Contact:University Information Security Office uiso@iu.edu
Print or View this Procedure
Scope
This standard supports Policy IT-12 (Security of Information Technology Resources) and applies to all Indiana University information technology resources, regardless of whether those resources are managed by the university or provisioned from third parties on behalf of the university, and to all users of those resources regardless of affiliation.
Objectives
The key objective of this standard is to ensure that institutional information technology risk is assessed, prioritized, and managed on an ongoing basis. The operation of information systems and the processing, transmission, and storage of institutional information can significantly affect the financial, operational, reputational, regulatory, and/or safety risks to the institution, to institutional assets, and to individuals.