Supply Chain Risk Management (SR)

Purpose –  

The Supply Chain Risk Management Policy and associated controls document the minimum standards required to manage risks associated with using information resources from external providers. Requirements are defined for supply chain risk management, acquisition, notification agreements, and component disposal.  

---

Scope and Roles –  

This policy applies to information resources owned or managed by Tarleton. The intended audience includes all involved in hiring and personnel management, the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), and information resource owners and custodians. 

---

Compliance –  

Supply Chain Risk Management controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76 and Texas A&M University System Regulation 29.01.03, Information Security.