Information Risk and Risk Management (IRRM) assessements are process to assess proposed solutions that faculty and staff are interested in implementing in their operations. MedIT works in partnership with the University's Information Security and Enterprise Architecture group through a very thorough process that requires support from the originators of the solution (typically a vendor) that can take anywhere from 6-10 weeks, depending on the complexity of the solution and amount of risk involved.
IRRMs are typically conducted as part of the overall procurement process to secure the products and services. IRRMs are an important aspect of the Faculty's Information Risk Management program.
You can find more detailed information on the University's IRRM assessement process here.