Texas A&M UniversityTechnology Services
Texas A&M University | Technology Services
Texas A&M UniversityTechnology Services

IRB Ancillary IT Review: Traffic Light Scenarios

Streamlining IT security reviews for research projects through clear compliance guidelines and proactive planning.

How the Review Process Works

In an effort to all researchers to help speed up the Ancillary IT Review process, below are some "green light", "yellow light", "red light" scenarios. Do note that this does not preclude an IRB Ancillary IT Review, but does help to speed the process up when the appropriate due diligence has been done up front.

Tip for Success

  • Meet with your local IT personnel (e.g. the IT Executive Director or senior IT staff for your unit/college) to ensure that the devices, computers, cloud services, and/or technologies you propose to use meet TAMU and State requirements prior to submission.

For a listing of local IT personnel for your college, division, or unit, please refer to the Contact Us page.

Green Light

A "green light" scenario is one that should allow the Ancillary IT Review process to go quickly, as there are no foreseen factors that would require additional due diligence beyond validation of endpoints and any additional requirements being in place.

Items that facilitate a "green light" situation:

  • Using only TAMU-owned endpoints (workstations, laptops, desktops).
  • Using only TAMU Technology Services-managed endpoints with all required agents installed.
  • Using only TAMU-approved or TX-RAMP Level 2 certified cloud services.
  • Any sponsor or contractually-required requirements that exceed university requirements have been satisfied and/or put in place.

Yellow Light

A "yellow light" scenario is one where the IRB will work simultaneously with stakeholders (PI and other ancillary offices). The IRB will issue final approvals once the IRB review process is complete, while the researcher continues to work directly with the appropriate ancillary review office(s). The IRB outcome letter will note the pending ancillary approval(s).

Items that may incur a "yellow light" scenario:

  • Researcher choosing an alternative to a prohibited technology.
  • Contractual IT security requirements exceed university requirements and additional requirements being assessed or in process.

Red Light

A "red light" scenario is one that will essentially halt the approval process for the Ancillary IT Review. This is typically due to non-compliance with university, state, and/or contractual requirements. Final IRB approval is held until the ancillary group(s) concludes their review.

Items that may incur a "red light" scenario:

  • Researchers using personal devices instead of TAMU-owned, TAMU Technology Services-managed devices (e.g. computers, storage, etc.).
  • Using unapproved or personal cloud services instead of TAMU Technology Services-approved or TX-RAMP certified services.
  • Researcher and/or local IT working with cloud service vendor on TX-RAMP certification where the cloud vendor is seeking certification.
  • Cloud vendor backs out of TX-RAMP certification process.
  • External parties not compliant with TAMU data requirements.
  • Not meeting IT requirements outlined in a contract.
  • Using a prohibited technology.

Last Modified: August 11, 2025