This is a clone of the Texas Administrative Code (TAC) for educational purposes. It is not the official version and should not be used for legal purposes. Site created Wed, 21 May 2025 21:16:35 GMT

Home > Title 1 > Part 10 > Chapter 202 >Subchapter C > Rule 202.75
TITLE 1 - ADMINISTRATION
PART 10 - DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 202 - INFORMATION SECURITY STANDARDS
SUBCHAPTER C - INFORMATION SECURITY STANDARDS FOR INSTITUTIONS OF HIGHER EDUCATION
SECTION/RULE §202.75 - Managing Security Risks
Chapter Review Date 03/22/2022

A risk assessment of the institution's information, information systems, and applications shall be performed and documented.(1) Risks and impacts will be ranked, at a minimum, as either "High," "Moderate," or "Low."(2) The schedule of the future risk assessments will be documented.(3) Risk assessment results, vulnerability reports, and similar information shall be documented and presented to the Information Security Officer or their designated representative(s).(4) Approval of the security risk acceptance, transference, or mitigation decisions shall be the responsibility of:(A) the Information Security Officer or their designee(s), in coordination with the information owner, for systems identified with Low or Moderate residual risk.(B) The institution of higher education head for all systems identified with a High residual risk.

Source Note: The provisions of this §202.75 adopted to be effective March 17, 2015, 40 TexReg 1357; amended to be effective November 17, 2021, 46 TexReg 7775.

View Official Rule