Reviewed tools list
The Risk Management & Compliance (RMC) department in the Office of Cybersecurity would like to share with our campus partners work that is completed to assess risk for tools, services and vendors. This resource will offer insight and options to determine if tools, services or vendors might work for you. This is not a blanket endorsement of these tools. You will need to review your data classification and the type of assessment that was completed to find commonalities.
Please refer to the Risk Control Families and a sample of the questions from each family. To achieve a similar risk level as below, you will need to be prepared to respond to these questions, and more, to determine your unique level of risk.
By making this information available, the Office of Cybersecurity is hoping to accomplish several goals:
- Offering information to campus partners to choose tools that may already be in use on campus
- By requesting a risk assessment for your use case for an existing tool, risk assessment timelines may be more efficient.
Contact Risk Management & Compliance (RMC) for additional questions about the reviewed tools resource.
Additional resources
Use this resource to
Explore tools
Explore a repository of tools, vendors & services reviewed by RMC for security.
Discover previously reviewed tools
Obtain information about the previously reviewed tools which could offer similar service types (i.e., data management tools, ticketing tools, etc.).
Review data classifications
Review the data classification that was requested for use with each tool, vendor, or service.
Understand risk reviews
Gain a clear understanding of the depth of risk review that was completed based on the service requested (e.g. Request to Procure vs. Request to Operate). Your risk may differ based on how you secure and handle the data in your environment.This list is not intended for
Purchasing permission
If a tool is on this list, you do not have permission to purchase it. Purchases must be channeled through your purchasing department(s) with proper purchasing authority and contract review.
Bypassing risk assessments
If a tool is on this list, it does not eliminate the need for a risk assessment by Cybersecurity. The Office of Cybersecurity will need to ensure that the data you are using matches the data reviewed previously, and other security measures match the completed review. This also applies to the type of service assessment completed. If only a request for purchase (RTP) has been completed, a more thorough risk assessment will need to be in place for implementation of the service.Reviewed tools list
The Risk Management & Compliance (RMC) department in the Office of Cybersecurity would like to share with our campus partners work that is completed to assess risk for tools, services and vendors. This resource will offer insight and options to determine if tools, services or vendors might work for you. This is not a blanket endorsement of these tools. You will need to review your data classification and the type of assessment that was completed to find commonalities.
Please refer to the Risk Control Families and a sample of the questions from each family. To achieve a similar risk level as below, you will need to be prepared to respond to these questions, and more, to determine your unique level of risk.
Question & review requests
Contact Risk Management & Compliance (RMC) for additional questions about the reviewed tools resource.
If you are considering using a tool which is not on this list, please submit a request to our OneTrust team.