Sign In / Sign Out
Navigation for Entire University
- ASU Home
- My ASU
- Colleges and Schools
- Map and Locations
Each of us at ASU is responsible for the security of ASU’s systems, and we are individually responsible for any technology that we install or use.
The security review process identifies risks and through mitigating controls reduces the overall risk to ASU users, systems, and networks.
A security review is required for all technology purchases including when:
Technology purchases exceptions include:
The Internal Department Review and the Endpoint Attestation reviews are completed by each unit or department. Please follow your unit’s process.
The ISO Security Review (Light and Full) is based on evidence-based documentation and designed to guide each unit/project team to implement technology solutions in a secure manner.
Our ISO team is ready to engage with your team to ensure your launch of each new initiative is reviewed and configured to utilize necessary risk-reducing measures. This enhanced process relies heavily on industry security standards and vendor documentation as the basis for the security review. The steps are simple:
To start a new ISO Light or ISO Full Security Review please e-mail: email@example.com or open a new ServiceNow ticket.
To determine the correct review please click on the Start Security Review below:
Or call the ASU Help Desk:
These are the current ISO review forms. To initiate a security review please download and fill out the following forms:
Email the completed forms to firstname.lastname@example.org or slack our security team at #iso-security_reviews to complete the review.
1. Do I need to complete the Security Self-Assessment form and Internal Review Form for renewals?
Yes. Every technology spend needs to have a completed self-assessment form and internal review form. For renewals you can use the completed review from the prior year if data sensitivity, functionality, and integrations have not changed.
2. How do I know if my technology/software is "new to ASU"?
Please check the UTO Product Catalog to see if the technology is already in use at ASU. If it is not found in the Product Catalog, please email email@example.com to see if there is a security review on file for the product you are purchasing. Please note - Another department’s security review can only be utilized if the data sensitivity, functionality, and integrations are the same.
3. How do I know I'm working with Sensitive or Highly Sensitive Data?
Our Data Handling Standard has explanations and examples for how ASU classifies certain data. Our standards break data up into 4 categories: Public, Internal, Sensitive, and Highly Sensitive.
4. There are two buttons on the Security Review page. Which one do I use?
The Start Security Review tab is for all departments. The UTO Internal Security Review button is specific to the University Technology Office (UTO). This form links to UTO’s internal security reviews for hardware and software. Internal security reviews are unit specific. If you are not in the UTO department your unit might have a different internal review form. Units are welcome to use the UTO internal review forms if they desire.
Slack us at #iso-security_reviews or firstname.lastname@example.org
ASU Help Desk: