Request a Security and Privacy Assessment (SPA)
Information security risk assessments are required by University Policy 116 for all IT products or services contracted by the University of Ottawa.
Evaluation of the risks, vulnerabilities and recommendations
The Information Security Office and Access to Information and Privacy Office (AIPO) will identify vulnerabilities, evaluate the risks, and recommend a mitigation plan. The objective is to ensure the security risks are considered prior to acquisition and implementation of an IT product or service. Depending on the nature of the work required, the scope and depth of the review will vary.
Submit a SPA request
Submit your Security and Privacy Assessment request via the TopDesk Self-Service Portal and attach a completed SPA form.
Submit your SPA request