Secure UD Compliance and Risk Survey
The Secure UD Compliance and Risk Survey (Secure UD CARS) is a lightweight, easy-to-use unit compliance and risk assessment tool. Compliance and risk are measured according to the requirements of the Secure UD Data Governance & Security Program (Secure UD DGSP).
Completing the Secure UD CARS is a great way for your unit to jump-start your information security and risk management activities or to gauge the maturity of your existing information security plan and chart a course for the future.
The Secure UD CARS has four sections:
- A data survey to identify your unit's key data.
- A 50-question survey to measure your unit's security and risk posture.
- A compliance and risk report card that generates immediate feedback based on survey responses and highlights opportunities for improvement.
- A three-year risk management strategy for planning improvements and setting compliance and risk goals.
The Secure UD CARS is available as part of the Secure UD Toolkit.
Units that handle Protected Health Information (PHI/ePHI) and are covered entities under HIPAA, or that handle cardholder information subject to the Payment Card Industry Data Security Standard (PCI DSS), should complete the Secure UD Risk Assessment Tool instead of the Secure UD CARS.
Requirements
Units are required by security controls IS 1.1.1 and IS 3.1.1 to conduct annual risk surveys and security assessments. The Secure UD CARS, when completed, satisfies both of these requirements. Additionally, the Secure UD CARS satisfies security control IS 1.2.1, which requires the development of a risk management strategy.
Every University unit is required to complete the Secure UD CARS annually to stay compliant with the above security controls. Completed Secure UD CARS must be submitted to executive leadership and to IT Security for review.
Details
Intended audience: Unit heads
Estimated time to complete: 1-3 hours
Other materials necessary: Secure UD Data Governance & Security Program
