D-RAC Role

Each college or division must assign Division Risk Assessment Coordinator(s) (D-RACs) to be responsible for their IT risk assessment process. The D-RACs' responsibilities are also highlighted in the Assessment Checklist.

Phase 1

  • Obtain unit information resource inventory list and ensure it is up-to-date.
  • Obtain information resource inventory list from Canopy/FAMIS.
  • Reconcile the two lists.

Phase 2

  • Coordinate groupings of information resources.
  • Work with IT staff to assign appropriate assessor and reviewer roles for each grouping.
  • Have college/division personnel attend appropriate role-based training (as needed):
    • New assessors - new assessor training (required)
    • Returning assessors - refresher training (optional)
    • Non-IT professionals – staff/faculty specific training (optional)
  • Secure approval from the dean/VP (or designee) for non-IT professionals' accounts to be created.
  • Create the components (i.e., Applications, Locations, and Networks) and Risk Assessable Unit(s) (RAU) using the import template.

Phase 3

  • Create and launch assessments in SPECTRIM.
  • Ensure all assessors have resources to complete assessment(s).
  • Ensure all non-IT professionals have resources to complete the survey(s).
  • Be prepared to answer questions from assessors and non-IT professionals.

Phase 4