The Risk Assessment Process identifies risks and explores the fitness of a planned implementation of a new product to be purchased or developed, a major upgrade, enhancement or the migration of an existing system. eTools, cloud services, network system connections and apps must also go through the Risk Assessment Process. This process involves multiple units, including Information Security, the Privacy Office and possibly the Office of the General Counsel and/or Purchasing.