Texas Administrative Code Chapter 202 assigns responsibility for the protection of information resources to the President of the University. For the purposes of this Control, the authority and responsibility regarding the university’s compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).

It is the responsibility of the University President or designee (i.e., CIO) to implement a process for ensuring that plans of action and milestones for the security program and associated University information resources;

• 1.1

  Are developed and maintained;

• 1.2

  Document the remedial information security actions to adequately respond to risk to University operations and assets, individuals, other organizations; and

• 1.3

  Are reported in accordance with OMB FISMA reporting requirements.

The CIO or designee shall review plans of action and milestones for consistency with the University risk management strategy and University priorities for risk response actions.