When to perform Information Security Reviews?:
Information Security Reviews must be performed in the following scenarios:
• Implementation of new information services and systems; or significant changes to existing university information services or systems, that may store or transmit Export Controlled or Restricted data (see the Data Classification and Data Types for additional information)
• Implementation of new critical infrastructure or significant changes to existing critical infrastructure.
• Implementation of a new enterprise system or significant changes to existing enterprise systems.
• Implementation of new systems or significant changes to existing systems, which permit third party access to university systems or data.
• Implementation of cloud services for the storing or processing of Export Controlled, Restricted or Controlled data
How to submit an Information Security Review?:
The Information Security Review Form must be completed and submitted via email to the IT@UC Office of Information Security (OIS) at email@example.com for preliminary review and processing. Once the form is received, OIS will evaluate and provide required remediation steps and controls. The remediation steps and controls must be completed by the project owners. Project owners are required to supply status updates during the projects.
Failure to contact OIS or failure to comply with the security requirements may result in termination of the project or service. After the Security Review has been completed, projects must follow the university Change Management process.
Please contact the IT@UC Office of Information Security for any questions.
To view PDF files, you will need Adobe Acrobat Reader, a free download.