Pre-Assessment

Step # Task Overall Responsible Personnel
Step 1 College/Division assigns D-RACs College, Division IT Staff, Dean/VP

Phase 1: Inventory Management/Resource Identification and Grouping

Step # Task Overall Responsible Personnel
Step 2 All information resources identified and inventory up-to-date D-RAC IT Staff, Staff & Faculty
optional Compare unit inventory list to CANOPY/FAMIS list D-RAC IT Staff, Staff & Faculty
Step 3 Split information resources into two groups:
a. Managed by unit IT staff
b. Managed by non-IT professionals (staff & faculty)
D-RAC IT Staff, Staff & Faculty
Step 4 Group the information resources that are managed by unit IT staff D-RAC IT Staff
Step 5 Decide who will be assessors and reviewers of the information resources that are managed by unit IT staff D-RAC IT Staff
Step 6 Assessors attend training; reviewer role is usually a secondary role * Required for new assessors & optional for returning assessors D-RAC IT Staff
Step 7 Complete the Risk Assessment Inventory List D-RAC

Phase 2: Assessment and Review

Step # Task Overall Responsible Personnel
Step 8 Assign assessors and reviewers to the specific assessments. Each assessor should be given the assessment spreadsheet that they will fill out. D-RAC IT staff, assessor, reviewer
Step 9 In the assessment spreadsheet, complete the assessment and respond to the findings that will be generated based on how the questions were answered Assessor D-RAC, IT Staff
Step 10 Notify the reviewer that the assessment spreadsheet is completed and ready for review Assessor D-RAC, IT Staff
Step 11 Review the assessment and finding responses Reviewer D-RAC, Assessor
Step 12 Approve/reject the assessment and/or the finding responses Reviewer D-RAC, Assessor
optional If the assessment is rejected, discuss any issue(s) about the assessment and/or finding responses with the assessor Reviewer Assessor, Reviewer
optional Finding responses dealing with resources (budget, personnel, equipment, etc.) could be taken to the dean/VP to ensure there will be no surprises at the end of the process D-RAC D-RAC, Dean/VP
Step 13 Notify IT-RMP once the assessment and finding responses have been approved Reviewer IT-RMP, Reviewer
Step 14 Review the assessment and finding responses IT-RMP
Step 15 Approve/reject the assessment and/or the finding responses IT-RMP
optional If the assessment is rejected, discuss any issue(s) about the assessment and/or finding responses with the assessor IT-RMP Assessor, Reviewer

Phase 4: Reporting

Step # Task Overall Responsible Personnel
Step 16 Submit data to DIR for upload through the use of import templates IT-RMP
Step 17 Notify IT-RMP once all college/division assessments are completed and approved (questions answered and responded to findings) D-RAC
Step 18 Begin Dean/VP Approval Process IT-RMP Dean/VP, D-RAC, CISO