This Control addresses the responsibility to properly respond to findings from risk assessments.


  • This Control applies to all Texas A&M information resources. The intended audience for this Control includes all information resource owners and custodians.


  • 1

    The information resource owner, or custodian, shall respond to findings from security and privacy assessments, monitoring, and audits in accordance with university accepted risk tolerance.