ITNS offers security risk assessments and security reviews as a service to organizations or departments at Purdue. These risk assessments help administrators and IT personnel identify security vulnerabilities to sensitive or restricted data, systems, and processes. In some cases, a risk assessment may be required for a organization or department within an organization. Federal regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act of 1999 (GLBA) require risk assessments in order to enforce the protection of HIPAA and GLBA protected data. Please consult the guidelines for risk assessment to determine whether or not you should consider a security risk assessment or security review. If, after reading the guidelines, you believe you need an assessment or review, or have additional questions, please contact itap-securityhelp@purdue.edu. For further information, and supporting process documentation please review the following documents:
|