FSE Security Review
The Arizona State University (ASU) computing environment is a unified network where all participants secure and maintain its integrity. As part of the ASU and Fulton community, you are responsible for any technology that is purchased, installed, or used on the ASU network. ASU requires that departments implementing software or hardware fulfill appropriate security controls to safeguard university assets.
As part of the technology procurement process, all technology contracts must include Information Security Language, and a completed Security Review when the agreement meets at least one of these criteria:
- ASU is purchasing or leasing software or processing a software renewal, including zero-dollar agreements
- Supplier is creating any code for ASU
- Supplier receives, stores, or analyzes ASU Data (even if the data is not online)
- Supplier is hosting or managing infrastructure outside of ASU
- Supplier is collecting sensitive, or ASU Data via a link on an ASU.edu or another ASU managed webpage
In compliance with ASU’s information security standards, Engineering leverages our distributed IT organizational structure to provide the best guidance and recommendations to the Fulton community on technology purchases. We designed a custom security review process to serve the Ira A. Fulton Schools of Engineering and to help streamline and navigate security review procedures.
It is essential to start the security review process early. Each school’s IT Manager is responsible for generating FSE Security Reviews for technology acquisitions. Engineering Technical Services (ETS) is available for assistance throughout the entirety of the process and to manage Governance, Policy, and Information Security (GPIS) Lite or Full Security Reviews. Please contact your IT Manager directly or through ServiceNow to initiate a technology purchase or contact Kraig Farkash if you need additional assistance.