The Information Security Risk Management (ISRM) Assessment
The University of Virginia is committed to preventing incidents that may impact the confidentiality, integrity, and availability of information and IT resources. In accordance with the Information Security of University Technology Resources policy, all units and departments are required to complete an annual information security risk assessment (ISRM) to evaluate the effectiveness of their IT security controls within their environments.
Just like last year, we also have templates available to help you with the endpoint and server inventory questions:
How do I access this year's assessment?
The ISRM Assessment has been moved into the same OneTrust tool that the IT Compliance team uses for conducting vendor risk assessments (see Vendor Review FAQ). While the assessment is available for completion, you may access ISRM 2022 in OneTrust through the Self Service Portal by selecting the tile labeled "ISRM 2022".
Navigating the Risk Assessment in OneTrust
Initiating an Information Security Risk Assessment is now really easy! Just follow the steps below.
1. Visit the UVA OneTrust Self Service portal
2. Type in your UVA email address and click “Next” to log in through Netbadge
3. Click "Launch" on ISRM 2022.
4. Navigating the ISRM
When you launch the Assessment, the Assessment Name should reflect the group you represent (e.g., Classrooms, Desktop Support, Physics, etc.). If you do not anticipate being the only person to work on the Assessment, be sure to add additional respondents at this time.
Attachments can be added to every question by using the paperclip icon located below each question.
Comments can be added to every question by using the “speech cloud” icon located below each question. Use this to ask us about a specific question or to provide feedback.
NOTE: When completing some fields, you may need to click "Add Option" beneath the text field after you finish typing.
Adding Additional Respondents to the ISRM
Please contact firstname.lastname@example.org.
NOTE: OneTrust does not immediately populate user information throughout the system. As a result, when you go to edit respondents, OneTrust may display an error indicating that you are not a valid user. To fix this, type in your email over the respondent field where your name is located before clicking the Save button. If you run into any issues, reach out to email@example.com and we can fix it.