Service Evaluation & Risk Assessment


Organizations must be conscious of information security, and must develop and implement proper security controls based on their internal risk and vulnerability assessments. These assessments can help the organization:

  • Uncover known weaknesses and vulnerabilities in its IT infrastructure;
  • Prioritize the impact of these vulnerabilities, based on the value and importance of the IT and data assets affected; and
  • Implement security controls and countermeasures to mitigate the weaknesses.

The mitigation increases security, and reduces the odds that a threat or vulnerability will harm the organization’s production environment.

Before the University will allow software and cloud services use or purchase (including mobile apps and free, downloadable software i.e. "freeware"), the products must be assessed for risk. Hardware may also be assessed. Assessment requests should be made by contacting the Technology Service Desk at, or submitting a request through the Technology Service Catalog, or submitting a request by clicking Request Service on this page.

Contracts and Procurement

For purchases that require a contract, ITS leadership engages in contract review and approval.

  1. All software, web applications and cloud services must be reviewed by IT Solutions (ITS) prior to the contract being routed to the Contracts Department for review. 

    • A Risk Assessment is needed for ALL software purchases and renewals. Submit a Service Evaluation & Risk Assessment request

      • ​​​​​Please attach the Contract Routing Sheet to the ticket for review. If the product or service is a renewal and a past Risk Assessment has been performed, that Risk Assessment should also be attached to the ticket request.

      • The contract and product or service will also be evaluated by the ITS project management team to determine solution viability.

      • As of January 1, 2022, if the contract is to procure a cloud service, the cloud service may be subject to TX-RAMP certification (more information is available at the Texas Department of Information Resources’ TX-RAMP website). The TWU Information Security team will evaluate the Risk Assessment responses to determine if TX-RAMP certification is required. If so, the vendor will be required to obtain the appropriate certification prior to ITS signing the Contract Routing Sheet. The state verifies and certifies vendors for TX-RAMP certification. The process to receive certification will require additional vetting and may increase the time to procure cloud services.

  2. Once the ITS project review process is completed, TX-RAMP certification obtained (if applicable), and Risk Assessment obtained, the Contract Routing Sheet may be signed by IT Solutions.

    • Attach a copy of the Risk Assessment to the Contract Routing Sheet and contract and submit to

Related services

Software Assessment and Implementation

Request Service - Service Evaluation & Risk Assessment


Service ID: 12086
Tue 2/2/16 4:40 PM
Tue 11/1/22 9:46 AM