- Accounts on REDCap are created before users are granted access to the Self-Assessment survey form.
- UTORMFA is required to access the IRSA Assessment Tool on REDCap.
See UTORMFA page to enroll and for more information about the service.
Not every person involved in a self-assessment will need access to the survey tool, depending on how the unit has decided to collect responses. At the very least, the individual assigned to coordinate the assessment for your organization should have access so that they can record responses.
Activating a REDCap Account
- After registration with the IRSA, you and any delegates you indicate will receive an email confirming access to REDCap. To activate your account:
- Go to https://redcap.utoronto.ca and login.
- Complete the Basic User Information form, and submit.
- Find the confirmation email sent to your inbox. Follow the instructions in the email to verify your account.
Once your account is verified, you will be able to access your unit’s survey.
Locating your Unit Survey in REDCAP
When your account is activated, login to https://redcap.utoronto.ca, and select My Projects from the welcome page.
Click on Unit Information Risk Self-Assessment
Select Record Status Dashboard from the left menu:
Completing your Unit IRSA in REDCAP
Start the assessment. The IRSA is organized into four sections:
- Data Asset Inventory
- Priority questions
- Management questions
- IT Questions
Click on the dot under the current year to open the survey form. If time is an issue, we recommend you start with the priority questions form, and review the questions in the other forms for relevance to your unit.
Before starting, we recommend you attend a workshop, drop-in session or review the training and resources available to help you prepare for a successful assessment!
Each risk area represented in the assessment form, will guide you through a series of questions that will help you:
- Assess your unit’s current state of risk management in this area,
- Identify any gaps in your current activities,
- Select a strategy for addressing gaps, and
- Record a plan for implementing your strategy.
This is a high-level assessment. The level of detail you provide should be enough for you to understand the scores and strategies when you are reviewing your results. Additional information for each question is also provided.
At the end of each form there is a field where you can mark the assessment as complete. When all three forms are marked complete, the IRSA Team will send you a static report of your results consisting of a one-page summary and the full results of your assessment – your Information Risk Management Program.
See Reporting Tools for more information.