The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Security Planning policy and associated Security Planning controls.


  • This control applies to the university Chief Information Security Officer (CISO).


  • 1

    As specified in Texas Administrative Code ยง202.73(a), the university CISO shall report annually to the President on the adequacy and effectiveness of information security policies, procedures, and compliance with Texas Administrative Code, Chapter 202 and:

    • 1.1

      Effectiveness of current information security program and status of key initiatives;

    • 1.2

      Residual risks identified by the university risk management process; and

    • 1.3

      University security requirements and requests.