Need to request a risk assessment? — Reach out to Risk Team at


The information risk team provides guidance on information security risk management and privacy assessments to various units and divisions to enable them to manage information security risk exposure. This helps senior management to make risk-informed decisions. We also conduct risk assessments for IT systems (software, platforms, applications, webpages and services) that are implemented at the University.

Academic Advising and Career Centre office at the University of Toronto Scarborough campus


Data Asset Inventory and Information Risk Self-Assessment (DAI-IRSA) program

A university-wide self-assessment of the current as-is state of information risk to your division’s business (academic or administrative) based on data, roles, processes, systems, connections, constraints and sensitivity.

Project / vendor information risk management assessment

A project/vendor risk assessment based on data, roles, processes, systems, connections, constraints and sensitivity helps to identify and treat risks early. This also includes assessing the vendors involved to identify and treat supply chain related risks to minimize impacts on the project.

Featured project

A group of people collaborating.

Information Security Risk Management Program (IRMP)

The IRMP is a set of processes and procedures, designed to establish a structured approach for identifying, assessing, prioritizing and managing risks that could impact the mission and objectives of your unit.

The IRMP allows a dynamic and flexible approach to manage security and privacy risks continuously and to address changes within your unit.


Rishi Arora

Risk Program Coordinator

Ashish Bagayat

Security Risk Consultant

Jesse Beard

Security & Treat Analyst

Areg Harutyunyan

Security & Threat Analyst

Ashley Langille

Kanupriya Parab

Manager, Information Security Risk Management