DRAC Tasks

    • Step #
    • Task
    • Overall Responsible
    • Personnel
  • Pre-Assessment
    • Step 1
    • College/Division assigns D-RACs
    • College
    • IT Staff, Dean/VP
  • Phase 1: Inventory Management/Resource Identification
    • Step 2
    • All information resources identified and inventory up-to-date
    • D-RAC
    • IT Staff, Faculty
    • optional
    • Compare unit inventory list to CANOPY/FAMIS list
    • D-RAC
    • IT Staff, Faculty
  • Phase 2: Grouping and Assessment
    • Step 3
    • Group information resources
    • D-RAC
    • IT Staff, Faculty
    • Step 4
    • Decide who will be Assessors and reviewers
    • D-RAC
    • D-RAC, Senior IT Staff
    • Step 5
    • Assessors attend training; reviewer role is usually a secondary role
    • D-RAC
    • Staff and Faculty
    • Step 6
    • Dean/VP approval for Non-IT professional
    • D-RAC
    • D-RAC, Dean/VP
    • Step 7
    • IT-RMP notified of Non-IT professional approval
    • D-RAC
    • IT-RMP, D-RAC
    • Step 8
    • Assign Assessors to the specific assessments
    • D-RAC
    • Staff and Faculty
    • Step 9
    • Assessors complete the assessment and answer the questions as they pertain to what is being assessed
    • Assessor
    • D-RAC, Assessor, IT Staff
    • Step 10
    • Respond to the findings that will be generated base on how the questions were answered
    • Assessor
    • D-RAC, Assessor, IT Staff
    • optional
    • Ensure the assessment results and finding responses are appropriate
    • D-RAC, Reviewer
    • D-RAC, Assessor, IT Staff
    • optional
    • Finding responses dealing with resources (budget, personnel, equipment, etc.) could be taken to the dean/VP to ensure there will be no surprises at the end of the process
    • D-RAC
    • D-RAC, Dean/VP
  • Phase 3: Data Entry and Reporting
    • Step 11
    • Create Risk Assessable Unit(s) (RAU)
    • D-RAC
    • Step 12
    • Create Components (i.e. Applications, Locations, Networks)
    • D-RAC
    • Step 13
    • Create assessments
    • D-RAC
    • Step 14
    • Launch assessments
    • D-RAC
    • Step 15
    • Answer assessment questions
    • Assessor
    • Step 16
    • Review assessment
    • Reviewer
    • Step 17
    • Approve/reject assessment
    • Reviewer
    • Step 18
    • Review assessment
    • IT-RMP
    • Step 19
    • Approve/reject assessment
    • IT-RMP
    • Step 20
    • Respond to findings
    • Assessor
    • IT Staff, D-RAC
    • Step 21
    • Review findings
    • Reviewer
    • Step 22
    • Approve/reject findings
    • Reviewer
    • Step 23
    • Notify IT-RMP once all college/division assessments are completed and approved (questions answered and responded to findings)
    • D-RAC
    • D-RAC, IT-RMP
    • Step 24
    • Begin dean/VP approval process
    • IT-RMP
    • IT-RMP, CISO
    • Step 25
    • Receive the Executive Summary from IT-RMP and submit to dean/VP for approval
    • D-RAC
    • IT-RMP, D-RAC
    • Step 26
    • Dean/VP approval
    • D-RAC
    • D-RAC, Dean/VP
    • Step 27
    • Submit dean/VP signature page to IT-RMP
    • D-RAC
    • IT-RMP, D-RAC