The ITSO is implementing a new cloud-based risk assessment system called ISORA which was developed by higher ed for higher ed. The ITSO encourages you to wait until this system is implemented (coming spring 2020) before completing your next IT risk assessment.  New ITRAs must be conducted every three years unless new systems/services have been implemented or your department must be meet additional compliance requirements (e.g., GLBA).   Risk assessments should be reviewed annually. Questions can be sent to