Welcome to the Technology Risk Assessment (TRA) input form.

IMPORTANT: THIS SUBMISSION FORM IS FOR THE WESTERN PROJECT INITIATOR TO FILL OUT AND SUBMIT.

There is a Vendor form on the TRA website which can be used by your vendor to provide information about their product (instructions for its use can be found there).

Submission of this form will provide the Technology Risk Assessment Committee (TRAC) the necessary information in order to provide an informed risk assessment of your solution, vendor, and/or application.

This submission and its subsequent response does not replace other processes that might already exist at the university.

While there are sections in this form related to Legal, Privacy, Procurement Services, Information Technology, and Financial Services, the information supplied does not trigger work related to contract negotiation, mitigation of Personally identifiable Information (PII), the need for Request for Quotes (RFQs) or Request for Proposals (RFPs), implementation of technology, or the need for anything to do with the Financial Services portfolio (including use of merchant accounts, PCI audits, etc.). The assessment report may assist in accomplishing those processes.

Once the risk assessment is provided, the submitter holds the responsibility of following up with the appropriate group(s) for next steps and implementation tasks.

* if New to Western, please provide as much detail as possible for the initiaitve, vendor, or service providers.

** if a Renewal of an Existing Contract/Engagement, please provide information relevant to the renewal (keep in mind that vendor and service provider business models and commitments change over time).

*** if an initiative requires Added Functionality to an Existing Contract/Engagement that would invoke items related to Legal, Privacy, Financial Services, Procurement, or Information Technology components, please fill out the relevant sections.

* If selected, the Centre for Teaching and Learning (CTL) may be involved in the vetting process.

** If selected, Housing and Ancillary Services may be involved in the vetting process.

For this section, you should use the information supplied to you from the vendor if they have filled out the Vendor Information Form (in PDF format on the http://security.uwo.ca/tra website).

There is an opportunity in the Vendor section to upload the filled out Vendor Information Form to this intake process.

For this section, you should use the information supplied to you from the vendor if they have filled out the Vendor Information Form (in PDF format on the http://security.uwo.ca/tra website).

There is an opportunity in the Vendor section to upload the filled out Vendor Information Form to this intake process.

For this section, you should use the information supplied to you from the vendor if they have filled out the Vendor Information Form (in PDF format on the http://security.uwo.ca/tra website).

There is an opportunity in the Vendor section to upload the filled out Vendor Information Form to this intake process.

IMPORTANT: If there is a need to engage in eCommerce within this application at a later date and you have marked "No", "Not Sure" or "Other" above, you will need to submit a TRA at that time.

There are many technical, legal, and compliancy issues associated with eCommerce and a full vetting will need to be done with that functionality included.

Click here for details on PCI DSS Compliancy.

Please note that Western uses Moneris as its approved payment processor, which includes payment gateway and POS terminals.

*If data required for this initiative already exists in a System of Record (SoR) at Western University, you may need to reach out to the owner of these datasets for discussion/approval.

"Personal Information" is defined as recorded information about an identifiable individual. An individual's personal information includes information regarding his or her race, gender, home address, medical history, education history, identifying numbers (e.g. SIN, employee number, student number, etc.), financial or employment information, personal opinions, completed assignments and exams, and grades, comments and evaluations provided by an instructor.

For more information, please visit the Privacy Office website.

For this section, you should use the information supplied to you from the vendor if they have filled out the Vendor Information Form (in PDF format on the http://security.uwo.ca/tra website).

There is an opportunity in the Vendor section to upload the filled out Vendor Information Form to this intake process.

Please note that the total cost should include licensing, implementation, maintenance, and consultancy costs.

If the total value of the contract is greater than 10,000.00, a Request for Quotes is required and the use of Procurement Services is enforced.

if the total value of the contract is greater than 100,000.00, a Request for Proposals is required and the use of Procurement services is enforced.

For projects less than 10,000.00 in total cost, a competitive bid is not required and it is strongly recommended that Procurement Services is engaged.

For this section, you should use the information supplied to you from the vendor if they have filled out the Vendor Information Form (in PDF format on the http://security.uwo.ca/tra website).

There is an opportunity in the Vendor section to upload the filled out Vendor Information Form to this intake process.

A link to the Data Classification Standard:

Technical Support involves ensuring the platform is appropriately hosted, addressed/patched when vulnerabilities with the application are discovered, the Operating System is up to data and also assures the TRAC (as well as the organization) that there is an identified technical contact that can act as a liaison between WTS and the solution owner.

The lack of an identified technical support resource indicates a significant risk in terms of ensuring the solution remains viable within the university environment.