Approved: March 3, 2013
Revised: May 31, 2016
Revised: August 27, 2019
Next Scheduled Review: August 27, 2024
The Texas A&M Transportation Institute regards information resources as a vital part of fulfilling the mission of the agency. The chief information officer (CIO) is responsible for coordinating the agency’s information resources, including ensuring, in consultation with the agency director or designee, the effectiveness, security and efficiency of the agency’s information resources. In addition, the CIO, in consultation with the agency director or designee, is responsible for ensuring that appropriate procedures and programs are implemented to safeguard computer systems, networks and data and to mitigate risks that may compromise information integrity, availability and security.
Reason for Rule
This rule implements System Policy 29.01, establishes the authority and responsibilities of the chief information officer (CIO) and chief information security officer (CISO), and authorizes procedures and standards governing the use and security of information resources within the agency.
Procedures and Responsibilities
1. Agency Information Resources Governance
1.1 In accordance with 1 TAC §211.20, the agency director designates the chief information officer (CIO) as the information resources manager to administer the requirements of 1 TAC Part 10 and all other relevant information resources laws and policies across the agency.
1.2 The efficient and effective use of information resources is critical to the long-term success of the agency. To that end, the CIO is responsible for ensuring that information resources expenditures from any funding source are efficient and serve to improve agency services. The CIO is also responsible for coordinating agency information resources purchases, regardless of the funding source.
1.3 The CIO, with the agency director’s approval, shall establish an information resources governance structure at the agency level that accomplishes the following:
- identifies and coordinates information technology projects and their priority among the agency’s research and operational areas;
- reviews and provides recommendations on proposed information technology projects with substantial impact to agency stakeholders;
- reviews and provides recommendations on proposed information technology capital investment requests; and
- reviews and provides recommendations on the agency’s information resources strategic plan.
1.4 The CIO shall develop and implement procedures and standards as necessary to ensure compliance with 1 TAC Part 10.
2. Agency Information Security Governance
2.1 In accordance with 1 TAC §202.70, the agency director designates the chief information security officer (CISO) to administer the information security requirements of 1 TAC Ch. 202 – 203 and all other relevant information security laws and policies across the agency.
2.2 The CISO shall develop and implement procedures and standards to ensure compliance with applicable Federal, State and The Texas A&M University System information security statutes, policies, and regulations.
2.3 Mandatory security controls required by 1 TAC §202.76 and System Regulation 29.01.03 shall be defined by the CISO in a security control catalog published on the agency’s intranet website. Agency security controls carry the same force and effect as agency rules, and noncompliance may be considered grounds for disciplinary action up to and including termination of employees.
Related Statutes, Policies, or Requirements
- 1 Texas Administrative Code Part 10, Department of Information Resources
- 1 Texas Administrative Code Ch. 202, Information Security Standards
- 1 Texas Administrative Code Ch. 211, Information Resources Managers
- Agency Security Controls Catalog
- Texas Education Code §51.9335, Acquisition of Goods and Services
- Texas Government Code Ch. 2054, Information Resources
- System Policy 29.01, Information Resources
- System Regulation 25.07.03, Acquisition of Goods and/or Services
- System Regulation 29.01.01, Information Resources Governance
- System Regulation 29.01.03, Information Security
Definitions
- 1 TAC – Title 1, Texas Administrative Code, Administration.
- Agency Information Resource – An information resource owned, leased, managed, or otherwise under the control of the Texas A&M Transportation Institute.
TTI Network & Information Systems