Request a Security Design Review

The Security Design Review (SDR) process is coordinated by the Information Security, Policy and Compliance team to ensure Yale technology is built and maintained securely. The process evaluates the technology design and how it meets Yale’s Minimum Security Standards for the technology’s cyber risk classification

Why do I need an SDR? 

Yale’s Minimum Security Standards exist to protect the confidentiality, integrity, and availability of its data and ensure compliance with external obligations. The SDR process evaluates how the technology meets these standards and looks to remediate any design flaws in an effort to decrease the overall cyber security risk. 

When should I request an SDR?

An SDR should be requested when one of the following conditions apply: 

  • You are building or purchasing a new technology that will access, create, store, transmit or receive (“host”) Yale data. 
  • A significant change is being made to a current Yale technology. This includes, but is not limited to a change in operations, hardware, access to the technology, or changes to the overall cyber risk classification

By initiating the SDR early in your planning and design process, you will be able to minimize costs and prevent delays. 

Who can use it?

Yale faculty and staff.

How much does it cost?

This service is free of charge. 

How do I get it?

Before submitting your Security Design Review (SDR) request, please classify your technology as high, moderate or low risk. Details on how to classify your technology can be found by visiting the Classifying Technology web page. 

Click here to request a Security Design Review (SDR). A member of the Information Security, Policy and Compliance team will contact you to schedule a time to discuss the security of the technology with you.

Where can I get help?

Email the Information Security Risk and Compliance team at