Texas Administrative Code
Title 1 - ADMINISTRATION
Part 10 - DEPARTMENT OF INFORMATION RESOURCES
Chapter 202 - INFORMATION SECURITY STANDARDS
Subchapter B - INFORMATION SECURITY STANDARDS FOR STATE AGENCIES
Section 202.25 - Managing Security Risks
Universal Citation: 1 TX Admin Code § 202.25
Current through Reg. 50, No. 13; March 28, 2025
A risk assessment of the agencies' information and information systems shall be performed and documented.
(1) Risks and impacts will be ranked, at a minimum, as either "High," "Moderate," or "Low. "
(2) The schedule of the future risk assessments will be documented.
(3) Risk assessment results, vulnerability reports, and similar information shall be documented and presented to the Information Security Officer or their designated representative(s).
(4) Approval of the security risk acceptance, transference, or mitigation decision shall be the responsibility of:
(A) the Information Security Officer or their designee(s), in coordination with the information owner, for systems identified with a Low or Moderate residual risk.
(B) The agency head for all systems identified with a High residual risk.
Disclaimer: These regulations may not be the most recent version. Texas may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
