Choosing a technical solution for a problem or a business need requires planning and careful thought. The Balancing Risk and Innovation recommendations listed below prepare you to write an effective problem statement, consider the data being shared and the security of the technology solution.

The goal of this process is to understand and manage risk when considering a technical solution, which leads to better security of OSU's data and better technical solution choice and adoption in DFA.

Ready to consult with DFA IT?

Screen a Technical Solution

Define the Problem or Need

Understanding the problem that you are trying to solve is the first step in balancing risk and innovation when it comes to adopting a technical solution. A defined problem statement gives you a way to talk about your unit's needs to others and allows you to contextualize and discuss other approaches and research other options, such as using an already-existing tool. DFA IT is available to help assist you in writing an effective problem statement.

Establish the Need for a Solution (technical or otherwise)
  • What is the basic need?
  • What is the desired outcome?
  • Who stands to benefit and why?
Contextualize the problem
  • What approaches have we tried?
  • What have others tried?
Resources for writing a problem statement

Are you solving the right problem? - Harvard Business Review, Sept 2012

How to Write an Effective Problem Statement - iSixSigma, April 2018 (with examples)

Understand the Data

All information that you share with a third-party technical solution is considered data. OSU's Office of Information Security classifies data into three categories:

  1. Unrestricted - for general use 
  2. Sensitive - for certain individuals  
  3. Confidential - most restricted information; could have negative consequences if released.

It's important to understand the data that you'll be sharing before adopting a solution. DFA IT can help you determine the data classification as you consider a technical soltion. 

Know the Security of the Solution

Having some baseline information about the security practices of a provider goes a long way to ensuring confidence in the solution.  There are few easy checks you can make including:

  • Is there information about the company readily available online?
  • Does the company have a security policy? (likely in the links at the bottom of the website)
  • Does the company have a data handling policy? (i.e., What is being done with the information? What resources am I providing the company? Are they sharing it with an additional third party?)

If the information is hard to find, there may be concerns with the security of the technical solution. DFA IT is available to help assess the security of a solution you may be considering.

Need More Help?

If you are ready to consult with DFA IT or need help with the above recommendations, please fill out the screening form to the best of your knowledge. DFA IT staff will be in contact with you shortly to assist you in the process. 

Screen a Technical Solution


Data Classifications from the Office of Information Security
Risk Assessment Tools from Insurance and Risk Management
Risk Appetite Statements 

Data-protected AI:, select Chat when logged into ONID to use Bing Chat Enterprise