FSE Security Review

Why is a Security Review required?

The Arizona State University computing environment is a unified network where all participants secure and maintain its integrity. As part of the ASU and Fulton Schools of Engineering community, we share responsibility for technology use within the university network. Departments that acquire software or hardware must fulfill appropriate security controls.

In compliance with ASU’s information security standards, FSE leverages our distributed IT organizational structure to provide the best guidance and recommendations for our community on technology acquisitions.

ASU requires a Vendor IT Risk Assessment (VITRA) be performed for all third-party software. A VITRA is required to install or integrate all third-party software into ASU’s digital environment. Engineering Technical Services supports FSE with the Security Review process which streamlines the VITRA requirement. 

Each school’s IT Manager is responsible for initiating FSE Security Reviews for all new software and software renewals and ETS manages the associated VITRA and software acquisition. 

How do I begin a Security Review?

Please contact your IT Manager directly or through ServiceNow to initiate a Security Review. When initiating through ServiceNow, be sure to select ‘ETS’ under ‘IT Support Group’, and ‘Security’ under ‘Request Type’.

It is essential to start the Security Review process early in order to allow time for the VITRA, software purchase, and software delivery and deployment.

What types of products require a Security Review?

Software acquisitions, free or paid, must undergo a security review for integrations, data sharing and any elevated risks to ASU data in the event of a third-party breach for any software that meets any criteria listed below.

Technology hardware acquisitions do NOT require a Security Review such as workstations, display devices, network or lab equipment, processors, network cards, hard drives, motherboards, mice, and other peripherals. 

Additional Resources