Statutes, codes, and regulations
Texas Administrative Code
Title 1 - ADMINISTRATIONPart 10 - DEPARTMENT OF INFORMATION RESOURCESChapter 202 - INFORMATION SECURITY STANDARDS
Subchapter C - INFORMATION SECURITY STANDARDS FOR INSTITUTIONS OF HIGHER EDUCATION
Section 202.75 - Managing Security Risks

1 Tex. Admin. Code § 202.75

Download
PDF
Current through Register Vol. 49, No. 48, November 29, 2024
Section 202.75 - Managing Security Risks

A risk assessment of the institution's information, information systems, and applications shall be performed and documented.

(1) Risks and impact impacts will be ranked, at a minimum, as either "High," "Moderate," or "Low."
(2) The schedule of the future risk assessments will be documented.
(3) Risk assessment results, vulnerability reports, and similar information shall be documented and presented to the Information Security Officer or their designated representative(s).
(4) Approval of the security risk acceptance, transference, or mitigation decisions shall be the responsibility of:
(A) the Information Security Officer or their designee(s), in coordination with the information owner, for systems identified with Low or Moderate residual risk.
(B) The institution of higher education head for all systems identified with a High residual risk.

1 Tex. Admin. Code § 202.75

The provisions of this §202.75 adopted to be effective November 28, 2004, 29 TexReg 10703; Amended to be effective April 24, 2006, 31 TexReg 3373; Amended to be effective September 17, 2009, 34 TexReg 6315; Amended to be effective June 11, 2012, 37 TexReg 4183; Amended by Texas Register, Volume 40, Number 11, March 13, 2015, TexReg 1365, eff. 3/17/2015; Amended by Texas Register, Volume 46, Number 46, November 12, 2021, TexReg 7778, eff. 11/17/2021