Text-only Version

UF’s Risk Assessment Policy Impacts Technology Purchases


An Administrative Memo on UF’s Risk Management policy was issued in November 2015. The internal procurement controls now in place are a result of this memo. Purchases impacted by the Risk Management policy include (but is not limited to) the following technology items:

  • New software purchases, license renewals on existing (previously purchased) software, any equipment with pre-installed software, and software development contracts. Examples include an add-on feature for use with a UF website or e-Learning system; or a survey, statistical, or research analysis tool
  • Any computing storage technology that will hold UF data (e.g., NAS, SAN, and cloud storage services that will store UF data)
  • Computing hardware like servers and, when appropriate, other personal computing devices

Purchasing any of these requires a Risk Assessment, which is a comprehensive information gathering procedure involving multiple units of the university. Depending on the technology, the Privacy Office and the Office of the General Counsel may be involved, in addition to Procurement Services and the Information Security Office. Requisitions submitted in myUF Market are held until the required Risk Assessment documentation is uploaded. To begin an Assessment, go to: https://security.ufl.edu/it-workers/risk-assessment/. Anyone with questions about this policy may email them to security@ufl.edu.