A resilient enterprise has the capacity to overcome disruptions, and the ability to continually adapt to an ever-shifting range of threats and vulnerabilities. Especially in the realm of IT resources, more protection is continually required. The risk assessment process is a key component for understanding and establishing university resilience. 

Conducting an IT Risk Assessment enables the departments to correlate IT resources with mission critical business processes and services. Using that information, it then becomes possible to characterize interdependencies and the consequences of potential disruptions, as well as to generate plans to eliminate or ameliorate risks.

This website details the steps necessary to complete your group’s Information Technology Risk Assessment (ITRA), which will provide valuable guidance in characterizing and mitigating possible setback affecting your department’s key IT infrastructure.

To begin the process, download the ITRA Template (DOCX) . Use the tabs on the left of this page to guide you through the five steps necessary to complete your IT Risk Assessment.

IT Risk Assessment Reporting

Using the ITRA Template provided, each departmental risk assessment team is expected to complete a report that can be easily shared with all parties involved in the process. This report should be maintained within the department. In addition, a copy of the completed ITRA report should be sent to Virginia Tech’s IT Security Office (ITSO). IT Risk Assessments must be reviewed and updated on an annual basis. If a department has no IT Risk Assessment in place, it is wise to begin the process now. The only valid ITRA is one that is current with regard to the technology assets present in the department. ITSO will maintain a centralized digital archive of ITRA reports for each department and unit at Virginia Tech. Reports can be sent as an attachment (pdf format is preferred) to riskassessments@vt.edu.