Information Risk Assessment

The purpose of an Information Risk Assessment (formerly known as a Privacy and Security Impact Assessment; PSIA) is to identify potential privacy and security risks of new or redesigned university business processes or services which use personal or other sensitive information and identify risk mitigation strategies to help Information Stewards decide whether to proceed.

Information Risk Assessment are filled out by individuals or units investigating or implementing new or redesigned processes or services, are reviewed by the Privacy Officer and the Information Security Officer, and finally reside with the relevant Information Steward(s).

To determine whether your initiative requires a full Information Risk Assessment, please fill out the questions on this form.