Loading...
Visit the ISORA to register applications and vendor-managed services your department is responsible for.
 
Applications
ISORA is a web-based tool managed by the UT Information Security Office that allows departments to record information about the applications they have developed or installed in their areas. This registry tracks information such as: application stewards, data classification, priority, associated systems, etc. This registry also allows for applications to be consistently assessed against the Minimum Security Standards for Application Development and Administration and comply with the System Development and Deployment Standard (Section 21) of the UT Austin Information Resources Use and Security Policy.
 
Applications are generally services that are created or managed by the university (on or off-premise) where no third parties have access to university data. These can be applications that are built in-house, open source products or purchased products that the university manages.
 
NOTE: In accordance with Texas Administrative Code (TAC) 202 and UT System policy, all applications processing Confidential university data or that are deemed Mission Critical must be registered and assessed by ISORA. Such assessments must be renewed annually.
 
More information about Application Assessments and Inventory can be found at:
https://wikis.utexas.edu/pages/viewpage.action?pageId=297382786
 

Vendor-managed Services/Products
ISORA is also the tool to use for registering vendor-managed services and products. These can be services vendors manages on or off campus (e.g., software-as-a-service).  These services are assessed using the Higher Education Community Vendor Assessment Tool (HECVAT) framework and are compared with other assessed vendor in their respective verticals.  ISORA also provides departments with insights as to how other vendors might fare with respect to the HECVAT standard at UT Austin and across other campuses that are also using the ISORA tool for vendor assessment. These actions ensure compliance with related state laws and the Vendor and Third-Party Controls and Compliance Standard (Section 22) of the UT Austin Information Resources Use and Security Policy
 
Vendor products are services, appliances, software that are managed by the vendor (on-premise or off) and where the vendor has access to university data.
 
NOTE: In accordance with Texas Administrative Code (TAC) 202 and UT System policy, all vendor-managed services and products processing Confidential university data or that are deemed Mission Critical must be registered and assessed by ISORA. Such assessments must be renewed annually.
 
More information about Vendor Assessments and Inventory can be found at: