<<Prev Rule

Texas Administrative Code

Next Rule>>
TITLE 1ADMINISTRATION
PART 10DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 202INFORMATION SECURITY STANDARDS
SUBCHAPTER BSECURITY STANDARDS FOR STATE AGENCIES
RULE §202.20Security Standards Policy

The following are policies of the State of Texas that apply to all state agencies. Each state agency should apply the Security Standards Policy based on documented risk management decisions:

  (1) Information resources residing in the various state agencies of state government are strategic and vital assets belonging to the people of Texas. These assets shall be available and protected commensurate with the value of the assets. Measures shall be taken to protect these assets against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as to assure the availability, integrity, utility, authenticity, and confidentiality of information. Access to state information resources shall be appropriately managed.

  (2) All state agencies are required to have an information resources security program consistent with these standards, and the state agency's head is responsible for the protection of information resources.

  (3) All individuals are accountable for their actions relating to information resources. Information resources shall be used only for intended purposes as defined by the state agency and consistent with applicable laws.

  (4) Risks to information resources shall be managed. The expense of security safeguards shall be commensurate with the value of the assets being protected.

  (5) The integrity of data, its source, its destination, and processes applied to it shall be assured. Changes to data shall be made only in an authorized manner.

  (6) Information resources shall be available when needed. Continuity of information resources supporting critical governmental services must be ensured in the event of a disaster or business disruption.

  (7) Security requirements shall be identified, documented, and addressed in all phases of development or acquisition of information resources.

  (8) State agencies shall ensure adequate controls and separation of duties for tasks that are susceptible to fraudulent or other unauthorized activity.


Source Note: The provisions of this §202.20 adopted to be effective November 28, 2004, 29 TexReg 10703; amended to be effective September 17, 2009, 34 TexReg 6315

Next Page Previous Page



Home TxReg TAC OM NewTac Public Footer Bar