Frequently Asked Questions

Remember, TRAC isn’t just a protocol – it's a partnership. Let's work together to achieve innovation safely and successfully at Western University.  

Q1: What is a Risk Assessment? Why does it matter?

The Technology Risk Assessment (TRAC) is a process for evaluating proposed technology solutions that are planned to be integrated into Western University’s environment. TRAC ensures all tech-related tools (software, hardware, data provisioning, etc.) are introduced with clarity about risk. TRAC provides a layer of due diligence so that tech solutions introduced at Western are both informed and secure. Read more about TRAC.



Q2: I've found a technology solution that's perfect for my project. Do I still need a Technology Risk Assessment?

Technology Risk Assessments are all about protecting the data of both individuals and Western as an institution! Any new technology solution should go through TRAC, but to be sure, fill out the Preassessment Form. Remember, TRAC isn’t an approval process! It’s due diligence to ensure that you are aware of the risks of the technology being introduced and ensures that appropriate ownership of the risks can be accepted.



Q3: How do I know if a solution already exists on campus? 

Technologies that have a Master Service Agreement are available for use for Western initiatives without the need for TRAC. To determine if a solution has already been reviewed, email



Q4: Are platforms like Google Suite and Facebook off-limits for my research project? 

While not off-limits, the use of social media for collecting personal or sensitive data is strongly discouraged. Social media cannot be assessed by TRA. The use of social media and any associated risks fall solely on the individual using the tool and not Western University. If you are a researcher, email for further guidance.



Q5: I’m planning to engage with a vendor. Are there resources to help me kickstart the conversation, especially concerning privacy? 

Yes! If you are engaging with a vendor, make sure the appropriate protocols are followed. You may require Contract Negotiations, Privacy Impact Assessments, or other processes or committees. Learn more about Related Processes and Committees. There is also a Vendor Information Form that you can use when crafting your TRAC submission.



Q6: What's the process for using a 'Medium Risk' solution?  

When TRAC identifies that a solution is “Medium Risk” within a Research context, the ultimate decision to proceed with a solution is in the hands of the Principal Investigator. They will assume the risk of the solution if they move forward with it.

When TRAC identifies that a solution is “Medium Risk” within an Administrative context, awareness at the AVP level is required. Teams should work to eliminate or mitigate the risk as much as possible.



Q7: Can TRAC process help if my research team is developing its own technology tools or platforms?

TRAC doesn’t directly scrutinize in-house applications but can provide important security and operational guidance. Email for more information.


Q8: Who do I reach out to if I have more questions or need personalized guidance? 

The TRA Committee is here to help! If you have additional questions or concerns not answered on this website, or if you require additional guidance or clarification, email