ASRB Authority
Per University Policy 1307: Procurement and/or Development of Administrative Systems/Applications, all procurement and/or development of administrative systems/applications must be reviewed and approved by the Architectural Standards Review Board (ASRB) in advance of purchase or development so the university may verify compliance with federal, state, and university policies, eliminate duplication, and ensure compatibility with existing systems. Proposed additions of administrative systems/applications that are not deemed appropriate by the ASRB will not be approved for purchase, development, or implementation by any university unit.
The following are links to sections on this webpage:
For questions, please contact the ASRB via email at asrb@gmu.edu.
ASRB Organizations
The following organizations may be a part of the ASRB review process and will have specific areas of the request they will be reviewing:
- Solution Integration and Architecture (SIA)
- Project Management Office (PMO)
- Enterprise Applications (EA)
- Enterprise Infrastructure Services (EIS)
- Information Technology Security Office (ITSO)
- Assistive Technology Initiative (ATI)
- The owner of any data requested, if applicable (e.g., HR, Registrar, Finance, etc.)
- Other Departments
Data & Regulated Data Defined
Data Definition
Data is defined as information processed, transmitted, and/or stored by a computer. Data is typically stored in the following forms, but not limited to:
- documents
- images
- audio and video files
- software
Data may be stored locally on a hard drive, on a server, or in the cloud.
Data may contain sensitive personal information that is regulated by university policy, state and federal regulations and laws. Policies are listed below.
Regulated Data Definition
Regulated data is any data or software element regulated by state/federal law, university policy, or other entity that the university is bound to comply with (contracts, agreements, etc.). Further, all software requests should be reviewed by the ASRB to determine if any data or software element is regulated by state/federal law, university policy, or other entity that the university is bound to comply with (contracts, agreements, etc.).
The following constitutes regulated data. A system, in this context, refers to software or multiple software/hardware components working together as a single process.
- A system that uses extracted data or information from a Mason owned system.
- A system that uses Mason authentication (NetID and password).
- A system that contains sensitive information (from Mason or captured by the software).
- A system that will be installed on Mason's networks, specifically in a secured network zone or zone containing sensitive systems or data.
- A system with a GUI must meet accessibility standards and comply with all accessibility policies, rules, regulations, and laws.
- A system with other integration with Mason owned systems.
- A system with restrictions around import/export control.
- A system requiring ITS resources and/or services.
Policy
All users of the George Mason University network must adhere to the following policies:
If you are purchasing or changing administrative or academic software and/or hardware, the following policies may be applicable:
University policies:
- University Policy Number 1307: Procurement and/or Development of Systems/Applications
- University Policy Number 1201: Non-Discrimination Policy
- University Policy Number 1203: Non-Discrimination and Reasonable Accommodation on the Basis of Disability
- University Policy Number 1308: University Information Technology Accessibility
Commonwealth of Virginia Law and Regulation:
NIST 800-171 Compliance:
NIST 800-53 Rev. 4 Compliance
Federal Disability Laws and Regulations: