ASRB Authority

Per University Policy 1307: Procurement and/or Development of Administrative Systems/Applications, all procurement and/or development of administrative systems/applications must be reviewed and approved by the Architectural Standards Review Board (ASRB) in advance of purchase or development so the university may verify compliance with federal, state, and university policies, eliminate duplication, and ensure compatibility with existing systems. Proposed additions of administrative systems/applications that are not deemed appropriate by the ASRB will not be approved for purchase, development, or implementation by any university unit.

The following are links to sections on this webpage:

For questions, please contact the ASRB via email at asrb@gmu.edu.

Data & Regulated Data Defined

Data Definition

Data is defined as information processed, transmitted, and/or stored by a computer. Data is typically stored in the following forms, but not limited to:

  • documents
  • images
  • audio and video files
  • software

Data may be stored locally on a hard drive, on a server, or in the cloud.

Data may contain sensitive personal information that is regulated by university policy, state and federal regulations and laws. Policies are listed below.

Regulated Data Definition

Regulated data is any data or software element regulated by state/federal law, university policy, or other entity that the university is bound to comply with (contracts, agreements, etc.). Further, all software requests should be reviewed by the ASRB to determine if any data or software element is regulated by state/federal law, university policy, or other entity that the university is bound to comply with (contracts, agreements, etc.).

The following constitutes regulated data. A system, in this context, refers to software or multiple software/hardware components working together as a single process.

  • A system that uses extracted data or information from a Mason owned system.
  • A system that uses Mason authentication (NetID and password).
  • A system that contains sensitive information (from Mason or captured by the software).
  • A system that will be installed on Mason's networks, specifically in a secured network zone or zone containing sensitive systems or data.
  • A system with a GUI  must meet accessibility standards and comply with all accessibility policies, rules, regulations, and laws.
  • A system with other integration with Mason owned systems.
  • A system with restrictions around import/export control.
  • A system requiring ITS resources and/or services.