January 16, 2019

TAMUS policy 29.01.03

TAMU System Regulation 29.01.03 – Section 5.2, Approved January 15, 2019, requires members to consolidate all significant IT equipment into a centralized member data center or approved commercial data center by September 1, 2019.  This SAP clarifies the definition of “significant IT equipment,” defines enterprise data center, establishes the maintenance of a “cloud computing provider list,” and details the exception process at TAMU.  http://rules-saps.tamu.edu/PDFs/29.01.03.M0.05.pdf

November 22, 2018

TAMUS policy 29.01.03

In the November 22, 2018 meeting, the IRPSC endorsed TAMUS policy 29.01.03. Please review the meeting minutes for additional information. 

This document provides an overview of the Adopted IT SAP Rule Security Control Process that was used in this process.

December 7, 2017

  1. Established a task force to examine revised TAMUS policy 29.01.03 with respect to section 5.1 and 5.2.
  2. Conducted a series of Security Endpoint Solution Reviews for the purpose of receiving input for selection.
  3. Established a task force to assess existing and potential security risks.
  4. Established a task force identify strategies for addressing the application of HIPAA, including the protections of PHI, and PII data, across the University.
  5. Established task force to address the long-term impact of Controlled Unclassified Information.
  6. Established a task force to advise the development of a University-wide security program with strategic initiatives directed toward raising the overall security posture of the University.