IR-6: Incident Reporting

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

TAMUS Required By:  08/01/2022 

Review Date:  07/10/2024 

  • Anyone may report illegal, disruptive, or suspicious activity impacting Tarleton State University (Tarleton) information resources at any time to the Office of Innovative Technology Solutions (OITS) Helpdesk through e-mail ([email protected]) or telephone (254-968-9885). 
  • Known or suspected security incidents must be reported immediately to either: 
  • The Tarleton Chief Information Security Officer (CISO) has reporting responsibilities to the Texas Department of Information Resources (DIR) for security incidents that are assessed to: 
    • Propagate to other university or state systems; 
    • Result in criminal violations that shall be reported to law enforcement; or 
    • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information as defined in Texas Business and Commerce Code §521.002(a)(2) and other applicable laws that may require public notification. 
  • If the security incident is assessed to involve suspected criminal activity (e.g., violations of Texas Penal Code Chapter 33 or Chapter 33A ), the security incident shall be investigated, reported, and documented in a manner that restores operation promptly while meeting the legal requirements for handling of evidence in accordance with 1 Texas Administrative Code §202.23(b) and §202.73(b).   
  • The Tarleton CISO will ensure reporting to Texas A&M University System (TAMUS) Cybersecurity Operation Center when specific requirements are met for reporting incidents to TAMUS so that any required notifications of an incident can be made to any additional TAMUS Offices. 

References/Additional Resources

1 TAC § 202.23(b)  

1 TAC § 202.73(b)  

Section 512.053, Business and Commerce Code  

Section 2054.1125, Government Code