Risk Assessment

Features

Organizations must be conscious of information security, and must develop and implement proper security controls based on their internal risk and vulnerability assessments. These assessments can help the organization:

  • Uncover known weaknesses and vulnerabilities in its IT infrastructure;
  • Prioritize the impact of these vulnerabilities, based on the value and importance of the IT and data assets affected; and
  • Implement security controls and countermeasures to mitigate the weaknesses.

The mitigation increases security, and reduces the odds that a threat or vulnerability will harm the organization’s production environment.

Before the University will allow software and cloud services use or purchase (including mobile apps, artificial intelligence tools, and free, downloadable software i.e. "freeware"), the products must be assessed for risk. Hardware may also be assessed. Assessment requests should be made by contacting the Technology Service Desk at 940-898-3971servicedesk@twu.edutechchat.twu.edu, or submitting a request through the Technology Service Catalog, or submitting a request by clicking Request Service on this page.

Contracts and Procurement

For purchases that require a contract, ITS leadership engages in contract review and approval.

  1. All software, web applications and cloud services must be reviewed by Information Security prior to the contract being routed to the Contracts Department for review. 

    • A risk assessment is needed for ALL software purchases and renewals. Submit a Risk Assessment request

      As of January 1, 2022, if the contract is to procure a cloud service, the cloud service may be subject to TX-RAMP certification (more information is available at the Texas Department of Information Resources’ TX-RAMP website). The TWU Information Security team will evaluate the risk assessment responses to determine if TX-RAMP certification is required. If so, the vendor will be required to obtain the appropriate certification for each cloud service/product prior to completing the risk assessment. The state verifies and certifies cloud services for TX-RAMP certification. The process to receive certification will require additional vetting and may increase the time to procure cloud services.

  2. Once the TX-RAMP certification is obtained (if applicable) and the risk assessment is completed, TWU Information Security will close the risk assessment request and provide the requester with the signed risk assessment.

  3. The signed risk assessment may then be attached to the Contract Routing RequestDuring the Contract Routing Request process, the contract and product/service will also be evaluated by the ITS project management team to determine solution viability.

Related services

Quotes
Software Assessment and Implementation