Rutgers Risk Management Program

Rutgers Risk Management Program consists of the identification, assessment, and prioritization of risks, followed by a coordinated and efficient application of resources to minimize, monitor, or control the likelihood of adverse events. The Risk Management Program allows senior managers to balance the operational and economic costs of protective measures against the gains in overall mission capability achieved by protecting the IT systems and data that support the institution’s missions. Rutgers Risk Management Program encompasses three processes: risk assessment, risk mitigation, and monitoring (evaluation).

Risk assessment is the first process in the Risk Management Program methodology. The institution uses risk assessments to determine the extent of potential threats and the risks associated with an IT system throughout its software development life cycle (SDLC). The output of this process helps to identify appropriate controls for reducing or eliminating risk during the risk mitigation process.

Risk mitigation, the second process of the Risk Management Program, involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended by the risk assessment process. Because the elimination of all risk is usually impractical or close to impossible, it is the responsibility of senior management and functional and business managers to use the least-cost approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on the organization’s resources and mission. The four types of risk-mitigating strategies are risk avoidance, acceptance, transference, and mitigation.

Monitoring (Evaluation) is imperative because Rutgers University’s networks will continue to be expanded and updated, their components changed, and their software applications replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time. These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, the Rutgers Risk Management Program and its strategy are ongoing and evolving.

Risk assessments

Third Party Vendor Risk Assessments

Rutgers Risk, Policy, and Compliance (GRC) Third-Party Vendor Risk Assessment is the process of screening and evaluating third-party suppliers as potential business partners.

Application Risk Assessments

Rutgers Risk, Policy, and Compliance (GRC) Application Risk Assessment process scopes and assesses applications through a standardized and risk-based methodology.

Hybrid Entity Risk Assessments

Rutgers Risk, Policy, and Compliance (GRC) Risk Assessment process involves analysis of identified hybrid entities under HIPAA whose business activities include both covered and non-covered functions within the institution.

Third Party Vendor Recertification

Rutgers Risk, Policy, and Compliance (GRC) annual recertification process ensures the continued security of the institution’s information assets.

Ad Hoc Security Risk Assessment

Rutgers Risk, Policy, and Compliance (GRC) ad hoc assessment is an as-needed, improvisational approach to risk management that seeks to identify security and control gaps by applying industry standards and frameworks.

Please contact us if you have any questions or concerns about the Risk Management Program.