Submit a Security Design Review

The Security Design Review (SDR) process is a collaborative discussion to help ensure the security of applications and systems, and it is required for servers and applications at Yale. The Information Security Office (ISO) will review the platform, database, and application. The process compares the system or application design to security best practices and compliance standards (e.g., HIPAA, FERPA, and GLBA). This review process will allow you to partner with ITS to ensure that your new application or server is secure.

Why do I need an SDR?

The SDR process will provide recommendations for building, improving, or reengineering your design to meet University policies, industry best practices, laws, and regulatory requirements. By starting your SDR early in your planning and design process, you will be able to minimize costs and prevent delays. A flawed design or implementation can increase security risks and could have legal repercussions. The ISO understands that we cannot eliminate risks altogether, but we can minimize risk while decreasing costs and delays over the life of the project.

Who can use it?

Yale faculty and staff.

How much does it cost?

This service is free of charge. 

How do I get it?

Submit the Risk Assessment Request form for Security Design Review (SDR) or other Risk Assessment requests. A member of the Information Security team will contact you within five business days to schedule a time to discuss the security of the system or application with you.

Where can I get help?

Email the Information Security Risk and Compliance team at