Purpose of TRA
The purpose of Technology Risk Assessments (TRA) as a process is to provide for the organization the due diligence required to ensure that software, hardware, and data-provisioning initiatives are adequately protected, and/or that the risks involved are understood and accepted by the required stakeholders within Western University.
While the approach is geared towards technological initiatives, there is great variability in the types of solutions that are within scope. Some projects might require a formal Request For Proposal (RFP) based on the costs involved and others might be cloud-based solutions that have no fees at all. Some solutions may require ecommerce transactions and others may not be geared as such. And others may deal with Personally Identifiable Information (PII), while many may not. In each scenario, (significant) risk may exist and this process is meant to help our partners across the organization understand these components and to assist in mitigating and/or accepting the understood risks.
Western University has a legal obligation and an ethical responsibility to protect the information and processes related to our operational, academic, and research portfolios. One of the ways that we accomplish this goal is through a Technology Risk Assessment (TRA) for any initiative being brought forward at Western University that has some technological (in a broad sense) dimension to it.
This process is geared towards Western and its partners, employees, researchers, and operations to understand the risks associated with technology-related solutions. The advent of web-based, cloud-oriented applications, along with traditional client/server applications, has grown tremendously and there has been an acute increase in how these technologies use data (Western's or others'), interact with other systems, and transmit information. Each process may be vulnerable and the TRA is Western's due diligence in understanding the risks.
Published on and maintained in Cascade CMS.