For Vendors to Complete

UofT-Information-Risk-Management-Questionnaire updated Dec 18, 2019

  • This IRMQ applies to internal projects and to vendors.
  • Vendors – as per the previous page, the IRMQ details what sections need to be completed in addition to a HECVAT.

Information Risk and Risk Management Assessment Template – coming soon

For University Project Sponsors to Complete

UofT Internal Data Protection Questionnaire

This intake form is for information risk assessments of projects or applications, managed internally or with a vendor. The information submitted will allow us to understand the purpose of your project and what is at risk. Skip any questions that you think do not apply, or you don’t have answers to.

Questions in the form helps us establish the:

  •     purpose and scope of the project
  •     privacy controls in place for the data being collected or used
  •     nature of the agreement with the vendor (if applicable)