Faculty and staff are encouraged to use this form to alert the Information Security Office (ISO) to new or existing projects, agreements, and other research matters that may require the creation of a data security plan, authorization from the ISO, and/or advisement from the ISO on matters of technical capabilities, compliance, and general research security topics.
Security assessments related to the acquisition or renewal of IT products and services should be requested using the Security and Accessibility Assessment Request form. All members of the university's research community are encouraged to review the solutions offered by the Division of IT and the ISO's Research Security Guide. If you intend to use an IT product or service that is not provided by the Division of IT or present in the IT Software Catalog, a separate, concurrent assessment may need to be performed on those products or services.
Submission of this form will generate a ticket in the Division of IT ticketing system filed under your NetID. You should receive a confirmation email within a few minutes of submission, and you may reply to that email at any point in the process to share additional information, ask questions, and/or discuss the request with the ISO. You may also check the status of your ticket here: https://services.txst.edu/TDClient/39/ITAC/Requests/TicketRequests/
Depending on volume, an ISO representative should be in contact within 10 business days. Timelines may vary significantly depending on the nature and complexity of the request and scheduling availability of the PI and/or other stakeholders involved in the project.
As noted later in this form, sharing information about your project can help the ISO make faster progress on its assessment. Topics covered in this form include what technology is planned for use, the types and volume of data, and what types of compliance factors and other risks may be involved in the project.
Sharing copies of some types of documents related to the project may help expedite the ISO's assessment. Examples of these types of documents may include: drafted contracts, data use agreements (DUA), statements of work (SOW), memorandum of understanding (MOU), data management plans, compliance requirements, grant narratives and applications, proposals, and IRB applications.