Information Security Measures of Performance include assessments of risk, identification of corrective actions, and mitigation efforts to secure University information resources.


  • Texas Administrative Code Chapter202 assigns responsibility for the protection of information resources to the President of the University. For the purposes of this Control, the authority and responsibility regarding the university’s compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).


  • 1

    The CIO or designee shall develop, monitor, and report on the results of information security measures of performance within:

    • 1.1

      The annual Risk Management Plan required in Standard Administrative Procedure 29.01.03.M0.01, Security of Electronic Information Resources; and

    • 1.2

      The biennial review of the University’s information security program for compliance with Texas Administrative Code, Chapter 202 (See Control CA-2).