The UVA Health Cybersecurity Risk Management team has made improvements to our risk assessment process to help streamline the risk assessment process. The Go-Live for the new risk assessment process is April 15, 2024.
- Introducing a New Risk Assessment Intake process – this new intake process will help advise whether a risk assessment is required. Additionally, a new process has been added to determine whether IT Governance and STC review is required to move forward with purchase.
- Improved Business Contact questionnaire – we’ve improved the Business Contact questionnaire (previously known as the UVA POC questionnaire) to help HIT determine what specific controls will be implemented in our environment.
- New Improved scoring – we’ve improved our overall risk assessment scoring to incorporate an evaluation of risk event impacts and likelihoods. The scoring results will appear in a new table provided in the final Risk Assessment Report. This table will indicate the overall scoring for the solution being evaluated.
Below are helpful links to reference in the future regarding the risk assessment process:
- UVA Health/UVA Community Health Risk Management Standard
- UVA Health Risk Assessment Process: Guide for Purchasers of IT-Enabled Resources
If you have questions about the new processes please reach out to the UVA Health Risk Management team.