Information security risk assessments are vital procedures for maintaining the security of information resources and meeting legal requirements for protecting confidential information. To comply with Texas Administrative Code, Title 1, Chapter 202 (TAC 202), Texas A&M University has established policies for annual risk assessment reporting and review.
Risk Assessment Reporting
Units having ownership or custodial responsibility for information resources shall annually assess their security posture and measure their compliance with TAC 202 with an approved risk assessment reporting process. Following this assessment, a security assessment report shall then be submitted to the Vice President for Information Technology & Chief Information Officer.
Risk Assessment Review
After the completion of the annual risk assessment reporting process, Risk Management and Policy personnel will review all security assessment reports. Based on this review, some assessments will be selected for additional review based on inherent risk or at the direction of the Vice President for Information Technology & Chief Information Officer (or designee).
Information Security Risk Assessment Review Report
After the completion of the annual risk assessment review process, Technology Services will compile the results of the reviews into an Information Security Risk Assessment Review Report. This report is submitted to the Chief Information Security Officer, and it may influence the university's IT Risk Management Plan.