The university identifies and classifies personnel positions based on risk category in order to determine the risk level associated with the position, thereby determining the controls that must be implemented for the position.

The current practice of Texas A&M is to consider all employees security-sensitive and to conduct criminal background checks on all prospective employees. 


  • This Control applies to all information system owners and managers.


  • 1

    It is the responsibility of the information system owner or manager, in conjunction with Human Resources, to:

    • 1.1

      Assign a risk designation to all university positions within the unit (such as a security designation in a job description);

    • 1.2

      Establish screening criteria for individuals hired for positions; and

    • 1.3

      Review and update position risk designations annually.

  • 2

    All authorized users of university information resources shall formally acknowledge that they will comply with the security policies and procedures of Texas A&M University.