Managing an information resource (desktop, laptop, server, etc.) requires university IT policies (rules, SAPs, security controls), unit IT policies, and state or federal requirements be followed. These policies outline expectations for managing information resources in a way that protects university data.

Per state requirements, annual IT risk assessments are performed to help measure the level of compliance, and should raise the baseline security posture for the university.

Staff and faculty not classified as an IT professional (see definition below), who solely manage their own information resources (e.g. faculty managed server) and/or have administrative rights (e.g. local administrator privileges), will be required to perform an IT risk assessment each year.

IT professional - A staff or faculty member whose primary duties are to manage information system or directly support, in the technical sense, personnel who manage information resources (e.g. Database Administrator, Systems Analyst, Web Developer, IT Manager, etc.)

Assessment Instructions

FY18 due date: Assessments should be complete by April 30, 2018

  1. Identify which assessment(s) you are required to complete.

    1. Server Assessment - physical and/or virtual servers, including information resources that perform server functions (e.g. web server, file server, etc).

    2. Non-server Assessment - information resources that are not servers (e.g. desktop, laptop, tablet, etc.).

    3. Local Administrator Assessment - local administrator privileges on a resource also managed by unit IT staff (e.g. local admin on your Windows desktop).

    Your unit IT staff can help you determine which assessment(s) you need to complete.

    A single assessment may be completed for a group of resources that are managed the same way. However, more than one assessment may be required for different subsets of similarly managed resources.


    A lab of laptops and desktops that are solely managed can all be grouped together into one Non-server Assessment.

    However, a professor who solely manages servers for research and has local administrator privileges on their desktop, will have two assessments.

    • One assessment for the solely managed servers.
    • One assessment for the desktop with local administrator privileges.
  2. Review help documentation before beginning the assessment.

    Assessment help documents provide the list of questions, answer choices, and additional information to help you complete the assessment quickly.

  3. Once you are ready to complete the assessment, click the appropriate link to access the Google form.

    The Google form should be completed all at once. You cannot save your information and come back later to complete. The Google form requires you to complete the current section before moving to the next.

  4. Complete the Assessment and click "Submit."

    After you click submit, a confirmation message will appear.

Remember, please have all assessments complete by April 30, 2018