Request a Security Design Review

Why do I need an SDR? 

The Security Design Review (SDR) process exists to ensure Yale IT Systems are built and maintained securely to protect the confidentiality, integrity, and availability of Yale Data and IT Systems that support it.

When should I request an SDR?

An SDR should be requested when one of the following conditions apply: 

  • You are building or purchasing a new IT System that will access, create, store, transmit or receive (“host”) Yale Data. 
  • A significant change is being made to a current Yale IT System. This includes, but is not limited to a change in operations, hardware, access to the technology, or changes to the overall system classification.

By initiating the SDR early in your planning and design process, you will be able to minimize costs and prevent delays. 

How do I get it?

Before submitting an SDR Request, please have the following information ready:

  1. Know the classification of the Yale IT System
  2. Know who is responsible for supporting the system (Yale ITS, Local IT Support, Third Party Vendor)

For questions or concerns about classifying your system or determining who supports the system, contact

For IT Systems supported by Yale Information Technology Services (ITS) please visit the Security Requirements for ITS webpage. For all other IT Systems (i.e. locally supported or supported by a third party), click here to request a Security Design Review (SDR). 

How much does it cost?

This service is free of charge.

Where can I get help?

For questions or concerns about the SDR process, please contact the Information Security Office at