Information Technology Services IT Security Office

The Departmental Risk Assessment Coordinators Program (DRAC) is intended to provide university departments with the framework and resources necessary to complete a mandatory risk assessment for information technology (IT) security within their individual environments. University departments will be required to conduct risk assessments on a regular basis as well as when there have been significant changes to a department’s IT infrastructure. Each department will appoint one or more Departmental Risk Assessment Coordinators or DRAC(s) to conduct the IT risk assessment and develop an appropriate security plan.