Request a Security and Privacy Assessment (SPA)

Information security risk assessments are required by University Policy 116 for all IT products or services contracted by the University of Ottawa.

Evaluation of the risks, vulnerabilities and recommendations

The Information Security Office and Access to Information and Privacy Office (AIPO) will identify vulnerabilities, evaluate the risks, and recommend a mitigation plan. The objective is to ensure the security risks are considered prior to acquisition and implementation of an IT product or service. Depending on the nature of the work required, the scope and depth of the review will vary.

Security and Privacy Assessment form

Review Policy 116

Submit a SPA request

Submit your Security and Privacy Assessment request via the TopDesk Self-Service Portal and attach a completed SPA form.

Submit your SPA request