Information Security Risk Acceptance

Overview

The Information Security Office advises risk owners on how to mitigate risk within ECU’s environments. When risks cannot be suitably mitigated, a risk acceptance is needed to properly document the residual risk. This facilitates the risk management process as it illuminates important risk areas.

If a technology handles sensitive information but does not support Single Sign On (SSO) or Multifactor Authentication (MFA), request an exception by attaching a completed SSO/MFA Exception Request to this service ticket. For other risk acceptance situations, submit the Standard Risk Assessment form as part of this service ticket. See attachments, this page.

Once this service request and appropriate forms are submitted, our team will contact you.

Available To

Faculty, Staff

Get Started

• Complete all sections of the Standard Security Risk Assessment form. See attachment, this page.
• Obtain department manager approval and signature.
• Obtain data steward approval signature.
• Submit the completed standard risk acceptance form.

For technology dealing with sensitive data but not protected by SSO or MFA

• Submit the SSO/MFA Exception Request. 

Related Policies and Guidelines

Software and Data Collection Services Acquisition Regulation Section 2.4.

Integrated Services

Vulnerability Management Exception Request

Fees

No fees are associated with this service.