Skip to main content

Request a Security Design Review 

What is a Security Design Review (SDR)?

A Security Design Review (SDR) is a process to ensure the security of Yale IT Systems. Yale IT Systems must meet and maintain the security requirements for the risk they carry. Security requirements for Yale IT Systems include:

Request a Security Design Review (SDR)

Why do I need a SDR?

A SDR will highlight areas that put Yale Data or IT Systems at risk. Yale policy requires a SDR for all high and moderate risk IT Systems. An SDR is not required for low risk IT systems hosted in the cloud. Low risk IT Systems hosted by Yale must go through a consolidated SDR.

Request the SDR as soon as you can. By initiating the SDR early in your design process, you can minimize cost and prevent delays.

When should I request a SDR?

Request a SDR when any of the following conditions apply:

  • You are building or purchasing a new IT System that will access Yale Data. Access can mean it will create, store, transmit, or receive Yale Data.
  • A significant change is being made to a current Yale IT System. This includes, but is not limited to a change in:
    •     System classification (e.g. a moderate-risk system is now accessing high risk data)
    •     Operations
    •     Hardware
    •     Access to the technology

What do I need to know to submit a SDR request?

Before submitting a SDR request, please have the following information ready:

  • The risk classification of the Yale IT System.
  • The contact information for those responsible for supporting the IT System. This can be Yale ITS, Local IT Support, or a third-party vendor.

Click here to request a Security Design Review (SDR)

Need help?

Send us an email with any questions about the SDR process.