Description

Texas A&M, as a state university, is required to comply with Texas Administrative Code, Title 1, Chapter 202 (TAC 202). TAC 202 assigns responsibility for the protection of information resources to the President of the University. For the purposes of this Control, the authority and responsibility regarding the university’s compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).

Applicability

  • This Control describes the authority and responsibilities (including but not limited to those stated here) of Texas A&M’s Chief Information Security Officer (CISO).

Implementation

  1. As stated in TAC 202, the university’s Chief Information Security Officer (CISO) has the explicit authority and responsibility to administer the information security requirements of TAC 202 university-wide.

  2. The Chief Information Security Officer shall be responsible for ensuring that an appropriate information security program for the university is in effect and that compliance with TAC 202 is maintained for information resources that are in the possession or under the control of individuals (i.e. information resource owners, custodians, or users) by virtue of their employment or affiliation with the university.

  3. The Chief Information Security Officer shall be responsible for the development of university information security rules, standard administrative procedures, and security controls.

  4. The Chief Information Security Officer is responsible for and has authority to monitor compliance with university information security rules, standard administrative procedures, and security controls (e.g. risk assessments).