Technology Risk Assessment

Objectives of the Technology Risk Assessment:

DOWNLOAD: Technology Risk Assessment Workbook

When a Western faculty or organizational unit is interested in implementing a new solution which utilizes infrastructure off campus or 'software as a service (SAAS)', or a third party service which requires access to Western data or processes credit card data refer to this ‘Technology Risk Assessment' web page, and download the document linked above. The following proceedure:

  • Provides the community with a better understanding of the requirements that result as a consequence of the implimentation of the service or use of the software;
  • Ensures compliance with Western's Data Classification Standard; and
  • Offers institutional advice and assistance from a Risk Management perspective with respect to issues of privacy, integration, and eCommerce.

This website contains information about IT, procurement, financial, privacy, legal and Western policy issues when dealing with cloud based software.  Recommendations are for informational purposes only and may not reflect the most current developments.  These informational materials are not intended, and should not be taken, as legal advice on any particular set of facts or circumstances.  You should contact the relevant departments identified throughout this site for assistance on your specific set of circumstances.

 

Preliminary Analysis:

Please seek advice if you answer 'YES' to any of the following the questions:

  • Is the information confidential or sensitive?
  • Does the software or service require integration with Western's information system i.e. authentication?
  • Does the software or service use information from another Western system i.e. central student system or Human Resources?
  • Does the software or service involve accepting payments?
  • Is the annual or total value of the contract greater than $10,000? (includes all costs)
  • Does the software or service require a contract to be signed?

If any of the answers was YES please download the file above and answer the questions it contains starting with the 'General' tab.

A note about the Detailed Analysis:

 The document contains 7 sections:

 

 This process identifies whether use of the technology: includes sharing sensitive information; requires integration with Western’s information systems (including use of Western's digital identity); accepts payments; results in a purchase whose value is greater than $10,000; or results in the signing of a contract.

If NONE of the conditions in the preliminary analysis are true, then the individual may proceed with the acquistion of the software or service.  However if ONE or more of the above questions are TRUE there are more questions related to Western’s policies and guidelines that are needed to be identified for the aquistion to move forward.  The questions are intended to provide the individual with the issues that each area addresses in their review of the software.

When the relevant issues have been addressed, the software may be implemented.

DOWNLOAD: Technology Risk Assessment Workbook

 

ONCE COMPLETE, the document should be fowarded to procurement. Additional assistance can be obtained from any of the following:

 Software implementation contacts:

Procurement - procurement@uwo.ca
Cyber-security - ciso@uwo.ca
IT Architecture & ID Management - helpdesk@uwo.ca
Bank Card Committee -  uwoecommerce@uwo.ca
Legal - clsinfo@uwo.ca
Privacy - privacy@uwo.ca

Published on  and maintained in Cascade CMS.