Home / Content / Security Review

Security Review

The ASU security review process is designed to guide each project team to implement technology solutions efficiently while minimizing security risks. Each of us at ASU is responsible for the security of ASU’s computer system, and we are individually responsible for any technology that we install or use.

There are 4 types of security reviews, depending on the sensitivity and security of the technology being purchased:

  • Internal Review
  • Endpoint Attestation
  • Light Review
  • Full Review

All technology purchases require a security review, except for:

  • Basic computer mice, keyboards, monitors, etc.
  • Network line cards
  • CPUs and GPUs
  • Hard drives
  • Motherboards

What type of security review do I need?

Security Review Flowchart

Start Security Review

UTO Internal Security Review

Documents:

Security Review Full & Lite Example - Step by Step

Security Review Attestation Example - Step by Step

Questions?

Ask Us

Or come to Security Review Office Hours:

1-3pm

Every second and fourth Wednesday of the month

USB 2642

Or call the ASU Help Desk:

1-844-339-2196

Frequently Asked Questions

1. Do I need to complete the Security Self-Assessment form for renewals?

Yes. Every technology spend needs to have a completed self-assessment form. For renewals you can use the completed review from the prior year if data sensitivity, functionality, and integrations have not changed.

2. How do I know if my technology/software is "new to ASU"?

Please check the UTO Product Catalog to see if the technology is already in use at ASU. If it is not found in the Product Catalog, please email security.review@asu.edu to see if there is a security review on file for the product you are purchasing.

3. How do I know I'm working with Sensitive or Highly Sensitive Data?

Our Data Handling Standard has explanations and examples for how ASU classifies certain data. Our standards break data up into 4 categories: Public, Internal, Sensitive, and Highly Sensitive.

4. There are two buttons on the Security Review page. Which one do I use?

The Start Security Review tab is for all departments. The UTO Internal Security Review button is specific to the University Technology Office (UTO). This form links to UTO’s internal security reviews for hardware and software. Internal security reviews are unit specific. If you are not in the UTO department your unit might have a different internal review form. Units are welcome to use the UTO internal review forms if they desire.

Additional Questions?

Ask Us

Or come to Security Review Office Hours:

1-3pm

Every second and fourth Wednesday of the month

USB 2642

ASU Help Desk:

1-844-339-2196