What Is The Service?
Michigan State University (MSU) requires an Application Security Risk Assessment (ASRA) as part of the implementation of products or services. During the purchase of your product or solution, an SPSA was performed to determine if the supplier and their solution are capable of implementing necessary controls, and the ASRA determines what controls must be implemented based on the classification of the data, as described in the MSU Institutional Data Policy, in the solutions.
The ASRA does not replace the need for performing a Service Provider Risk Assessment during the procurement of a product or solution.
Who Is Eligible to Use It?
Service owners can submit a request for an ASRA.
How Do I Use It?
Submit an email to GRC@msu.edu with ASRA Request in the subject line.