
Security Design Review

The Security Design Review (SDR) process is a collaborative discussion to help ensure the security of applications and systems and is required for servers and applications at Yale. The Information Security Office (ISO) will review the platform, database, and application. The process compares the system or application design to security best practices and compliance standards (e.g., HIPAA, FERPA, and GLBA). This review process allows you to partner with ITS to ensure that your new application or server is secure.

Why do I need an SDR?

The SDR process will provide recommendations for building, improving, or reengineering your design to meet University policies, industry best practices, laws, and regulatory requirements. By starting your SDR early in your planning and design process, you will be able to minimize costs and prevent delays. A flawed design or implementation can increase security risks and could have legal repercussions. The ISO understands that we cannot eliminate risks altogether, but we can minimize risk while decreasing costs and delays over the life of the project.

Features

Who can use it?

Yale faculty and staff.

How much does it cost?

This service is free. 

How do I get it?

Click the link below to submit a request for an SDR or other Risk Assessment. A member of the Information Security Office will contact you within five business days to schedule a time to discuss the security of the system or application with you.

Submit a Risk Assessment Request

Where can I get help?

Email Information Security Policy and Compliance (ISPC) at it.compliance@yale.edu.

Service manager: Robert Jasek
3-lock data compliant: no