Risk Decision Requests (RDR)

Submit a Risk Decision Request (RDR)

The decision to leave a vulnerable IT system/service connected to Michigan Medicine resources - or to disconnect (aka Terminate) that access is ultimately at the discretion of the Chief Information Security Officer (CISO). These decisions are based on a number of standardized factors; however, each system will be considered based on the needs of the organization.

• What questions/requirements will I need to address as part of the RDR process?
• How do I know what type of "plan" to select when submitting an RDR?