Information Risk Assessment

The purpose of an Information Risk Assessment (formerly known as a Privacy and Security Impact Assessment; PSIA) is to identify potential privacy and security risks of new or redesigned university business processes or services which use personal or other sensitive information and identify risk mitigation strategies to help Information Stewards decide whether to proceed. 

Intake Form

To determine whether your initiative requires a full Information Risk Assessment, please fill out the questions on this form.
Intake forms are reviewed by the Privacy Officer and the Information Security Officer, and finally, reside with the relevant Information Steward(s).


  • Typically 2-4 weeks (depending on initiative complexity)

Making Changes

  • After submitting the intake form, you will receive a re-take link to make any changes to your response.

More information 

Related links