D-RAC Role

Each college or division must assign Division Risk Assessment Coordinator(s) (D-RACs) to be responsible for their IT risk assessment process. The D-RACs' responsibilities are also highlighted in the Assessment Checklist.

Phase 1

  • Get the unit-kept information resource inventory list and ensure it is up to date
  • Get information resource inventory list from Canopy/FAMIS
  • Reconcile the two lists

Phase 2

  • Coordinate groupings of information resources
  • Work with IT staff to assign appropriate assessor and reviewer roles for each grouping
  • Have assessors attend training:
    • New assessors attend new assessor training
    • Returning assessors can attend refresher training
  • New non-IT professionals: approval from the dean/VP is required before an account will be created
  • Ensure assessors have resources to complete assessment
  • Be prepared to answer questions from assessors

Phase 3

  • Create the components (i.e., Applications, Locations, and Networks) and Risk Assessable Unit(s) (RAU)
  • Create and launch assessments