What are risk assessments?
Assessing risks and potential threats is an important part of running any organization, but risk assessment is especially important for IT departments that have control over networks and data. The purpose of IT risk assessment is to help IT professionals identify any events that could negatively affect their organization.
Our job is to identify risks and engage appropriate controls for reduction or elimination of:
- Loss of control of Rice data and IT services
- Loss of integrity of Rice data and IT services
- Accessibility to Rice data and IT services
What do we do?
We work internally with various departments and groups within Rice to coordinate activities and grant IT compliance requirements. Groups we work closely with include the Office of General Counsel, Rice Compliance Office, Office of the Registrar, SPARC, Purchasing, and the OIT divisions Enterprise Applications and Project Management Office.
In addition, the compliance group works internally with ISO on vulnerability assessments, risk analysis of software, service reviews, and deployments of equipment and services. We also help draft and maintain security policies and procedures.
How does a risk assessment work?
Compliance Risk Assessments and Controls
After receiving a risk assessment request, the compliance team will assess the possibility of loss of control, loss of integrity, and access to Rice data and IT services using the service or software requested. Once the risk assessment is completed, the compliance team will give clients feedback on the risks of using the corresponding service or software and possible control measures to reduce or eliminate them.