Risk Mitigation

The risk mitigation process must be followed when a system or process is required to meet Sacramento State's core mission and campus academic and administrative goals, however, the risk or non-compliance still exists.  The risk or non-compliance can be accepted if the Vice President and Chief Information Officer believed the campus risk is reasonably compensated to meet the intent of the Information Security Policy and Standards.

Risk Mitigation Process

A Dean, Vice President or Executive Director must complete the Risk Mitigation request form.  The fields match the Risk Monitoring template and can be copied from that process.  If copied, update the field with the final text.  Print, sign and send to the Information Security Office.  The Information Security Office will review the form and request clarification or updates if needed.  Once completed the Information Security Office will sign and present to the Vice President and Chief Information Officer.  Due to the complex nature of these requests The Vice President and Chief Information Officer may call a meeting before approving or denying the request.

A copy of the completed request will be sent to the Dean, Vice President or Executive Director.  A copy will also be scanned and uploaded into the Sacramento State Risk Management System.  These requests will be reviewed annually as part of the standard campus-wide risk assessment process.  This will also be an audit to confirm compensating controls are in place and reassess the security posture of the system.  If the request is not approved it will also be uploaded into the Sacramento State Risk Management system for reference.

Download the Risk Mitigation form here