Skip to Content

Information Security Review for Projects Questionnaire

Information Security Review for Projects Questionnaire (MS Word .docx)

As part of any significant Information Technology Project, it is very important to identify and incorporate information security requirements at the early planning stage. In doing so, the risk of new security and compliance problems being introduced into the University environment is greatly reduced. It also minimizes the risk of project schedule delays and cost overruns when security requirements must be retrofitted into systems and/or contractual agreements late in the process.

The purpose of this questionnaire is to:

  • facilitate identification of security requirements for a given Information Technology Project; and

  • help minimize risks associated with planned outsourcing of Mission Critical IT services.

This questionnaire is intended for an Information Technology Project (as defined in the Definitions Section) that will:

  • involve (e.g., create, obtain, transmit, maintain, use, process, store or dispose) institutional data classified as Highly Sensitive; or

  • acquire ongoing vendor IT services (e.g., application software hosting, hardware/software infrastructure, data storage facilities, staffing, etc.) considered Mission Critical by the project sponsor.

The questionnaire consists of six sections as follows:

Project Review

Information Security Review for Projects Questionnaire (MS Word .docx)

Page Updated: 2013-12-20