Home / Content / Security Review / UTO Internal Security Review

UTO Internal Security Review

UTO Internal security reviews are for technology purchases made by University Technology Office (UTO) employees.

If you are not part of UTO, please contact your Senior TAG Rep and Primary IT Rep according to your university department listed here. You are welcome to use the UTO form only if your Senior TAG confirms that your department adopted the UTO form. Purchases undergoing Internal reviews must also meet the Internal review criteria.

A successful UTO Internal security review requires:

  1. The completed UTO Security Self-Assessment Guidelines
  2. A completed Hardware or Software internal review form (see criteria below)

No meeting with the security architects is required.

Start UTO Internal Security Review

Hardware vs. Software Review Forms

The Software Form is for:

  • Desktop applications not yet used by ASU
  • Software from a third-party that involves Public or Internal data (What is my data classification?)
  • Anything above a basic operating system

The Hardware Form is for:

  • Servers
  • Printers
  • Networking devices (except line cards)
  • Embedded systems and Internet of Things
  • Smart monitors, mice, and keyboards
  • Hardware that receives firmware updates

A security review is not required for:

  • Basic computer mice, keyboards, monitors, etc.
  • Network line cards
  • CPUs and GPUs
  • Hard drives
  • Motherboards


Slack us at #iso-security_reviews or security.review@asu.edu

Or call the ASU Help Desk: