Managing an information resource (desktop, laptop, server, etc.) requires that university IT policies (rules, SAPs, security controls), unit IT policies, and state or federal requirements be followed. These policies outline expectations for managing information resources in a way that protects university data.

Per state and university requirements, annual IT risk assessments are performed to help measure the level of compliance, and should raise the baseline security posture for the university.

Staff and faculty not classified as IT professionals (see definition below) who solely manage their own information resources (e.g. a faculty-managed server) and/or have administrative rights (e.g. local administrator privileges) will be required to perform an IT risk assessment each year.

Assessment Instructions

1. Identify which assessment(s) you are required to complete.

  1. Elevated Privileges Assessment - individuals that are non-IT professionals that have elevated privileges on an information resource that is also managed by unit IT staff (e.g. local admin on your Windows desktop).
  2. Solely-Managed Devices
    1. Server Assessment - individuals that are non-IT professionals that are solely responsible for managing physical and/or virtual servers, including information resources that perform server functions (e.g. web server, file server, etc.).
    2. End-User Device Assessment - individuals that are non-IT professionals that are solely responsible for managing information resources that are not servers (e.g. desktop, laptop, tablet, etc.).

Your unit IT staff can help you determine which assessment(s) you need to complete.

A single assessment may be completed for a group of resources that are managed the same way. However, more than one assessment may be required for different subsets of similarly managed resources.

2. Review help documentation before beginning the assessment.

Assessment help documents provide the list of questions, answer choices, and additional information to help you complete the assessment quickly.

This year, logic has been applied to some questions so that you do not have to answer questions that do not apply to how the information resource(s) is managed. This document will walk you through which questions you will be required to answer based on how the information resource(s) is managed.

  1. Elevated Privileges Assessment Help
  2. Solely-Managed Devices
    1. Server Assessment Help
    2. End-User Device Assessment Help

3. Once you are ready to complete the assessment, click the appropriate link to access the Google form.

The Google form should be completed all at once. You cannot save your information and come back later to complete it. The Google form requires you to complete the current section before moving to the next.

This year, logic has been applied to some questions so that you do not have to answer questions that do not apply to how the information resource(s) is managed. The logic will be based on your selected answers for specific questions and will send you to the required section. All questions in each section are required to be answered.

  1. Elevated Privileges Assessment Form
  2. Solely-Managed Devices
    1. Server Assessment Form
    2. End-User Device Assessment Form

4. Complete the Assessment and click "Submit."

After you click submit, a confirmation message will appear, and you should receive an email with your responses.