Risk Assessment
The Risk Assessment Project focuses on strengthening IT security by cataloging systems, assessing vulnerabilities, and implementing remediation plans. Spanning October to December 2025, it ensures compliance with institutional policies and Texas DIR security standards through structured inventory, evaluation, and reporting phases.
Overview
The DSA Risk Assessment is an annual, division‑wide IT risk management initiative led by Technology Services – Division of Student Affairs to identify, evaluate, and manage risks associated with information resources, applications, and services across Student Affairs. The assessment is designed as a continuous improvement program rather than a one‑time compliance exercise, emphasizing governance integration, remediation tracking, and operational resilience. Beginning with the 2025–2026 cycle, the process was formalized into a phased lifecycle with earlier engagement and improved coordination with departmental IT teams. Findings from the assessment directly inform remediation planning, risk acceptance decisions, and policy exception workflows through established governance bodies. The program supports audit readiness, compliance with university and state security standards, and long‑term technology planning for DSA.
October 2025 – Phase 1: Inventory of information resources, applications, and services (changes since prior cycle)
November 2025 – Phase 2: Assessment and review of identified resources and controls
December 2025 – Early 2026 – Phase 3: Reporting, remediation tracking, and risk acceptance decisions
- Continue remediation of identified risk findings and document progress in tracking systems
- Finalize outstanding corrections identified during Service Portfolio cross‑checking
- Track and document risk acceptance decisions using the Risk Acceptance and Communication Procedure
- Maintain coordination with governance groups (CAB, RMCC) for oversight and approvals
- Completed Phase 1 inventory of DSA information resources for the 2025–2026 cycle.
- Conducted Phase 2 assessment and review with assessors and reviewers.
- Produced assessment summaries and executive‑level reporting for prior cycles, including documented compliance improvements.
- 3,188 information resources evaluated during the 2023 IT Risk Assessment cycle across Student Affairs.
- Overall compliance grade: A for the 2023 IT Risk Assessment, reflecting above‑average compliance and improved completion compared to 2022
- Average risk score: Low across assessed domains in 2023 (applications, devices, servers, and infrastructure).
- Executive Oversight: , Executive Director, Technology Services – Student Affairs
- Risk Assessment & Policy Leadership: Epps, Brad, Senior IT Professional II
- Assessment Coordination & Review: and DSA IT Risk & Policy Team
- Governance & Oversight Bodies: Change Advisory Board (CAB) and DSA Risk Management Coordination Committee (RMCC)
Thursday, April 2nd, 2026
