1 Tex. Admin. Code § 215.12

Current through Register Vol. 49, No. 48, November 29, 2024
Section 215.12 - DCS User Responsibilities
(a) Each DCS Customer shall provide to the department the name, title, contact information, including emergency contact, of the designated employee(s) authorized to initiate, change, modify, or amend services. At a minimum it shall include:
(1) Executive level technology officer such as a Chief Information Officer or Information Resources Manager; and
(2) Customer Representative.
(b) Each DCS Customer is responsible for ensuring that its use of DCS services is in compliance with applicable law, policy, and procedures.
(c) For software products not initially procured by or through the DCS program on behalf of DCS Customer, the DCS Customer shall coordinate with the DCS program to ensure complete documentation of entitlement is on file. The DCS Customer is responsible for providing proof of entitlement; without which, the DCS Customer is solely responsible for software license compliance.
(d) Each state agency customer that receives funding through the state appropriations shall coordinate with the department and the Legislative Budget Board to establish anticipated DCS program needs for each subsequent biennium. In coordination with the department, the state agency shall consider:
(1) Type and volume of future service; and
(2) Planned IT projects.
(e) To ensure savings to the state, each designated state agency shall make all reasonable efforts to affect server consolidation into the state data center. At a minimum, a designated state agency shall do the following:
(1) Coordinate with service provider to establish a consolidation plan in which server move groups and schedules for the consolidation of move groups are established;
(2) Coordinate with the department and the Legislative Budget Board to ensure its biennium budget includes the resources necessary to accomplish server consolidation per the established consolidation plan;
(3) Make all reasonable efforts, including the remediation of impacted applications, to ensure the consolidation plan is accomplished as scheduled.
(f) Audit notification.
(1) DCS Customers shall promptly notify the department whenever the customer becomes aware that an audit or compliance review is planned by external, internal, software vendor, or federal oversight auditors that will require audit assistance from the DCS program Service Providers. In any event, where audit assistance is required, the DCS Customer shall notify the department of planned audit or compliance review no less than five business days prior to anticipated start of audit or compliance review.
(2) In performing audits, DCS Customers shall endeavor to avoid unnecessary disruption of the DCS program operations and duplication of other audits. Therefore, DCS Customers shall leverage SOC or comparable audits provided for under the DCS contract, to the extent possible.
(3) The state auditor, the department's internal auditors, a state agency's internal auditors, and if applicable, the Office of Inspector General of the agency, or federal auditors, may conduct audits or investigations of any entity receiving funds from the state directly under a contract or indirectly under a subcontract for Statewide Technology Center services.
(4) A DCS Customer may request copies of audit reports submitted to the department as required by the DCS contract and governed by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) or successor group. The requesting DCS Customer should submit the request to the DCS Audit Coordinator at the department. Due to the confidential nature of information in the report, the requesting DCS Customer shall only distribute the report to its staff that have a legitimate business need for access to the report and may not distribute the report to external auditors or entities. External auditors that require access to a report in connection with an audit of a DCS Customer must contact the DCS Audit Coordinator and sign a non-disclosure agreement prior to receiving a copy of the report.
(g) Technology planning.
(1) Each DCS Customer will participate in an annual DCS technology planning process based on instructions provided in the technology planning process as documented in the Service Management Manual. This planning will relate to the services the DCS Customer receives or expects to receive through the program.
(2) All DCS Customer shall follow the technology standards for hardware and software configurations as specified in the annual technology plan and Service Management Manual. DCS Customers seeking exception to specified technology standards shall comply with the relevant Service Management Manual.
(h) Governance process.
(1) All DCS Customers will participate in the governance process designed to facilitate individual customer input into enterprise decisions that affect all customers. Each customer is assigned to a group of similar customers, called a "partner group", and that group will be given one membership position on each governance committee. Members of the partner group are expected to represent the interests of all partner group members in governance decisions.
(2) Enterprise-level decisions and resolution of escalated DCS Customer-specific issues shall be addressed through standing governance committees, organized by subject area and comprised of representatives from the department, DCS Customers, and service providers. Participation on committees is selected from each designated partner group.
(i) Confidential data.
(1) DCS Customer shall provide its specific confidentiality requirements as determined by the nature of the data stored in the DCS program. Generally, the specific confidentiality requirements shall be appended to the interagency or interlocal contract. The Service Management Manual shall provide additional documentation on the specific procedures, including the process DCS Customers shall follow to identify confidential information.
(2) In general, a DCS Customer shall include in the interagency or interlocal agreement:
(A) General notification as to the type of confidential data and the laws that guide in the handling of such data; and
(B) Subsequent changes to laws that apply to previously identified confidential data.
(j) Security.
(1) DCS Customers shall comply with the Security Incident Management and Response process available in the Service Management Manual.
(2) DCS Customers shall be in compliance with 1 Texas Administrative Code Chapter 202.

1 Tex. Admin. Code § 215.12

Adopted by Texas Register, Volume 40, Number 11, March 13, 2015, TexReg 1370, eff. 3/17/2015; Amended by Texas Register, Volume 43, Number 37, September 14, 2018, TexReg 5947, eff. 9/17/2018; Amended by Texas Register, Volume 46, Number 31, July 30, 2021, TexReg 4683, eff. 8/1/2021