Architecture and Security Review

Statement of Purpose

The purpose of the Architecture and Security Review (ASR) is to partner with campus departments to act as a consultative and advising body during the selection and negotiation of a proposed technology product or service. The ASR does not approve or disapprove products, but will identify risks and provide actions and/or strategies to mitigate those risks. Having this discussion early in the selection process will optimize the service or product’s compatibility with the University’s information technology architecture, security, compliance, accessibility, and privacy principles. The ASR is a cross-functional team that will provide suggestions and observations for a successful implementation. The result of this collaborative process will be a comprehensive report that will include recommended solutions that are compatible with University architecture and mitigates risk.

*Please Note: while the ASR is not currently a mandatory process, departments must ensure that any technology product or service involving the transmitting, accessing, or storing of customer information subject to the Gramm Leach Bliley Act (GLBA), as well as all technology additions, major architecture changes, and updated contract terms, must go through an ASR. The GLBA applies to the University in connection with the following financial activities: financial aid, student loans and accounts, parent loans, faculty and staff loans (including mortgage loans) (collectively, “University loans”). Customer information is any record containing non-public personal information about recipients of University loans, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of the University. 

ASR Process Steps

ASR FAQs