PM-2: Information Security Program Role
DIR Required By: 07/20/2023
Review Date: 07/31/2024
- As stated in TAC §202, the Tarleton Chief Information Security Officer (CISO) has the explicit authority and responsibility to administer the information security requirements of TAC §202 university-wide. The CISO is also responsible for helping ensure compliance with the requirements outlined in Texas Government Code §2054.136 and Texas A&M University System (TAMUS) Regulation 29.01.03, Information Security.
- The CISO shall be responsible for ensuring that an appropriate information security program for the university is in effect and that compliance with TAC §202 is maintained for information resources that are in the possession or under the control of individuals (i.e. information resource owners, custodians, or users) by virtue of their employment or affiliation with Tarleton.
- The CISO is responsible for the development of university information security rules, standard administrative procedures, and security controls.
- The CISO is responsible for and has authority to monitor compliance with university information security rules, standard administrative procedures, and security controls (e.g. risk assessments).