For many years, the University of Maryland has maintained a process to review software acquisitions for security, accessibility, and data privacy. In light of recent data breaches and the updated Title II digital accessibility regulations from the U.S. federal government, we have refined and formalized this process into what is now known as the Software Risk Management (SRM) process.
The SRM process ensures that software tools used across the university are secure, compliant, and efficient, protecting both university data and resources. This refined approach brings greater transparency, consistency, and accountability to how we evaluate and approve software purchases.
UMD is integrating risk review directly into our procurement systems. Starting March 2, 2026, requests to purchase software will be automatically routed in Workday to the DIT-based SRM team for review. This review will need to be completed before Procurement can move forward with their part of the purchasing process.
More information about the SRM process, training, and resources can be found at the SRM website.
Questions can also be directed to the DIT Business Office during weekly virtual office hours, which will be held weekly on Thursdays from 10 until 11 a.m. on this Zoom starting January 22. Questions can also be emailed to software-risk-mgmt@umd.edu.
Thank you for your continued partnership in keeping the University of Maryland’s systems secure and compliant.
-- Adapted from an email to all UMD faculty and staff sent January 21, 2026 and signed by Jeffrey K. Hollingsworth, Vice President and Chief Information Officer, and Greg Oler, Vice President for Finance and Chief Financial Officer --