The Computing Risk Assessment (CRA) is designed to support the introduction and use of secure and compliant computing services at the University of York (see IT Outsourcing and Cloud Computing Policy). The CRA process enables the University to understand the risk posed by a processing activity and to assess and ensure that providers have adequate technical and procedural controls in place to secure University data.
Start the CRA process by submitting the initial questionnaire.
Please note
Where personal data is being processed there may be a need for a Data Protection Impact Assessment (DPIA), you can use the online DPIA screening tool to decide whether a DPIA is needed.
Contract review is another important step in safeguarding the University and University data. Please ensure contracts are reviewed by Procurement, the Data Protection Team and Sarah Butcher (Software Asset Manager) in advance of signing to ensure that they provide the University with adequate legal protections and appropriate licensing terms.