Approved: March 3, 2013
Revised: May 31, 2016
Revised: February 11, 2019
Next Scheduled Review: May 31, 2021
The Texas A&M Transportation Institute regards information resources as a vital part of fulfilling the mission of the agency. The chief information officer (CIO) is responsible for coordinating the agency’s information resources, including ensuring, in consultation with the chief executive officer (CEO) or designee, the effectiveness, security and efficiency of the agency’s information resources. In addition, the CIO, in consultation with the CEO or designee, is responsible for ensuring that appropriate procedures and programs are implemented to safeguard computer systems, networks and data and to mitigate risks that may compromise information integrity, availability and security.
Reason for Rule
This rule implements System Policy 29.01, establishes the authority and responsibilities of the chief information officer (CIO) and chief information security officer (CISO), and authorizes procedures and standards governing the use and security of information resources within the agency.
Procedures and Responsibilities
1. Agency Information Resources Governance
1.1 In accordance with 1 TAC §211.20, the chief executive officer (CEO) designates the chief information officer (CIO), under the supervision of the CEO or designee, as the information resources manager to administer the requirements of 1 TAC Part 10 and all other relevant information resources laws and policies across the agency.
1.2 The efficient and effective use of information resources is critical to the long-term success of the agency. To that end, the CIO is responsible for ensuring that information resources expenditures from any funding source are efficient and serve to improve agency services. The CIO is also responsible for coordinating agency information resources purchases, regardless of the funding source.
1.3 The CIO, with the CEO’s approval, shall establish an information resources governance structure at the agency level that accomplishes the following:
- identifies and coordinates information technology projects and their priority among the agency’s research and operational areas;
- reviews and provides recommendations on proposed information technology projects with substantial impact to agency stakeholders;
- reviews and provides recommendations on proposed information technology capital investment requests; and
- reviews and provides recommendations on the agency’s information resources strategic plan.
1.4 The CIO shall develop and implement procedures and standards as necessary to ensure compliance with 1 TAC Part 10.
2. Agency Information Security Governance
2.1 In accordance with 1 TAC §202.70, the CEO designates the chief information security officer (CISO), under the supervision of the CIO, to administer the information security requirements of 1 TAC Part 10 and all other relevant information security laws and policies across the agency.
2.2 The CISO shall develop and implement procedures and standards to ensure compliance with applicable Federal, State and TAMUS information security statutes, policies, and regulations.
2.3 Mandatory security controls required by 1 TAC §202.76 and System Regulation 29.01.03 shall be defined by the CISO in a security control catalog published on the agency’s intranet website. Agency security controls carry the same force and effect as agency rules, and noncompliance may be considered grounds for disciplinary action up to and including termination of employees.
Related Statutes, Policies, or Requirements
- 1 Texas Administrative Code Part 10, Department of Information Resources
- 1 Texas Administrative Code Ch. 202, Information Security Standards
- 1 Texas Administrative Code Ch. 211, Information Resources Managers
- Agency Security Controls Catalog
- Texas Education Code §51.9335, Acquisition of Goods and Services
- Texas Government Code Ch. 2054, Information Resources
- System Policy 29.01, Information Resources
- System Regulation 25.07.03, Acquisition of Goods and/or Services
- System Regulation 29.01.01, Information Resources Governance
- System Regulation 29.01.03, Information Security
Definitions
- 1 TAC – Title 1, Texas Administrative Code, Administration.
- Agency Information Resource – An information resource owned, leased, managed, or otherwise under the control of the Texas A&M Transportation Institute.
- Chief Executive Officer (CEO) – The agency director of the Texas A&M Transportation Institute; also the head of an institution of higher education as defined by §61.003, Texas Education Code.
- Chief Information Officer (CIO) – The individual designated by the CEO to administer the requirements of 1 TAC Part 10 and all other relevant information resources laws and policies across the agency; also the information resources manager as defined by 1 TAC §211.20 and §2054.071, Texas Government Code.
- Chief Information Security Officer (CISO) – The individual designated by the CEO to administer the information security requirements of 1 TAC Part 10 and all other relevant information security laws and policies across the agency; also the information security officer as defined by 1 TAC §202.71 and §2054.136, Texas Government Code.
- Information Owner – A person with statutory or operational authority for specified information (e.g., supporting a specific business function) and responsibility for establishing the controls for its generation, collection, processing, access, dissemination, and disposal. The Information Owner may also be responsible for other information resources including personnel, equipment, and information technology that support the Information Owner’s business function.
- Information Resources – As defined in §2054.003(7), Texas Government Code, and/or other applicable state or federal legislation.
- User of an Information Resource – An individual or automated application authorized to access an information resource in accordance with the information owner-defined controls and access rules.
TTI Network & Information Systems