Security and Privacy Impact Assessment (SPIA) is a tool designed by the Office of Audit Compliance and Privacy and Information Systems and Computing to address privacy and security risks associated with data stored on our systems. The SPIA process allows us to inventory, evaluate risk factors and adopt the appropriate remediation methods.
To best protect our data; ITS performs annual security scans on our file servers. ITS also performs annual assessments on administrative, academic and research applications and other systems that store confidential or sensitive information.
The SPIA process consists of two components:
- Inventory Assessment
- Risk Assessment
- SPIA Overview
- Vendor Security Technical Assessment of Risk (V-STAR)
- Secure Share
- Data Risk Classification
- Cloud Computing Guidance
To learn more about SPIA, running security scans and best practices for protecting data, contact ITS Service Desk