Cybersecurity Risk Assessments

Tags ITS staff


Information Technology Services conducts cybersecurity risk assessments using the Rsam governance, risk and compliance system. Risk assessments are conducted to identify campus technology risks and ensure compliance with federal regulations, like HIPAA and GLBA.

If you are assigned as a Respondent within Rsam, you are responsible for completion and submission of the assigned assessment. For questions, please contact

How do I access the assessment?

You will receive an email from Rsam Notification indicating the name of the assessment you have been assigned and the date the assessment is complete. Click the link provided within the email to access the assigned assessment.

If prompted, enter your WVU Login credentials to log into Rsam. Once in Rsam, you will be directed to the My Assessments tab. Click Answer Control Questions to open the assessment and begin answering questions.

How do I answer questions?

Assessment questions are generally organized by topics. Select the answer from the drop-down list that most applies to your operations. Additional comment fields may populate based on your selection.

How do I submit a completed assessment?

Once all the questions have been answered on a page, the section header will turn green and a check mark will display beside the questions and sections that is complete. After you click the Submit Assessment Responses button, you will receive an email confirming that you have submitted the assessment and that ITS will review it.

My assessment was sent back for clarification. What do I need to do?

If ITS has any questions or requires clarification on any answers, it will send the assessment back to you to update. You will receive an email from Rsam indicating that further clarification is needed. A breakdown of the items that need addressed will be provided. Once you have updated the requested information, resubmit the assessment by clicking the Submit Assessment Responses button, as before.

I received an email that compliance gaps were identified with my assessment. What does that mean?

After ITS has reviewed the assessments and accepted all answers, Rsam will evaluate the answers for compliance and identify any gaps based on the answers provided. Compliance gaps will be noted as Questionnaire Findings within Rsam. To see the findings generated for your assessment, click the link provided within the email notification, or login to Rsam (, and navigate to Questionnaire Findings Navigator under the Assessment Management tab.

The severity of each risk identified will be displayed. All gaps identified will be addressed in one of three ways: creation of a remediation plan, acceptance of risk, or implementation of compensating controls to mitigate the risk.



Article ID: 96448
Fri 1/24/20 10:04 AM
Fri 1/24/20 10:54 AM