2006 Information Resources Strategic Plan Instructions
Guidance for State Agencies and Institutions of Higher Education
May 5, 2006
*Note: This document is no longer updated. It has been replaced by the IRSP Instructions & Template document.
PART 3: COMPLIANCE WITH STATE STANDARDS
Agencies should review technology-related statutes and rules referenced in this part of the IRSP and identify the status of compliance with each. DIR will use agency responses to each compliance requirement to identify and evaluate the extent to which each agency, and the state as a whole, is complying with key statutes and rules related to technology.
For each requirement, select the answer that best represents the agency’s current compliance status. When selecting “In Progress” or “Planned”, indicate the month and calendar year in which the requirement will be fully implemented.
- Implemented – The agency has implemented the requirement.
- In Progress – The agency has begun an activity that will lead to implementation of the requirement. Indicate the estimated date (month and calendar year) that the requirement will be implemented.
- Planned – The agency is planning to implement the requirement, but has not yet begun activity toward implementation. Indicate the estimated date (month and calendar year) that the requirement will be implemented.
- Not Planned – The agency is not planning to implement the requirement.
- Not Applicable – The requirement is not applicable to the agency.
Security
| Requirement | | Month, Calendar Year (If In Progress or Planned) |
|---|---|---|
| 3.1.1 The agency head or his or her designated representative must review and approve ownership of information resources and their associated responsibilities. [TAC §202.21(a), §202.71(a)] | | |
| 3.1.2 Each agency must designate a full time Information Security Officer. [TAC §202.21(d), §202.71(d)] | | |
| 3.1.3 Each agency must have annual reviews of their security program for compliance with the TAC 202 Security Standards. [TAC §202.21(e), §202.71(e)] | | |
| 3.1.4 Each agency must perform a security risk analysis of information resources. [TAC §202.22, §202.72] | | |
| 3.1.5 Each agency must have documented Physical Security measures in place. [TAC §202.23, §202.73] | | |
| 3.1.6 Each agency must have a Business Continuity Plan. [TAC §202.24, §202.74] | | |
| 3.1.7 Each agency must take measures to ensure that designated confidential information is accessible to only authorized users. [TAC §202.25(2)(A), §202.75(2)(A)] | | |
| 3.1.8 Each agency must utilize the DIR monthly incident reporting system. [TAC §202.26, §202.76] | | |
| 3.1.9 Each agency must have controls in place to ensure that test functions for systems development, acquisition and testing are either physically or logically separated from production functions. [TAC §202.25(6)(A), §202.75(6)(A)] | | |
| 3.1.10 Each agency must establish a perimeter protection strategy. [TAC §202.25(8), §202.75(8)] | | |
| 3.1.11 All System Identification/Logon Banners must have the appropriate warning statements. [TAC §202.25(9), §202.75(9)] | | |
| 3.1.12 All authorized users of agency information resources must be required to formally acknowledge that they will comply with security policies and procedures before they are granted access to information resources. [TAC §202.27, §202.77] | | |
| 3.1.13 Each agency must create, distribute and implement information security policies. [TAC §202.25(7), §202.75(7)] | | |
Geographic Information Systems Standards
Indicate which GIS standards listed below have been implemented.
If “In Progress” or “Planned”, estimate the year/month that implementation will be completed. [TAC §201.6]
If the agency does not use, or plan to use, GIS technology to conduct any part of its business, select “Not Applicable” for questions 3.2.1 through 3.2.5.
| Requirement | | Month, Calendar Year (If In Progress or Planned) |
|---|---|---|
| 3.2.1 During the current and the past biennium has the agency coordinated in advance with the Texas Geographic Information Council on expenditures of over $100,000 to acquire, enhance, or develop a GIS base map dataset? | | |
| 3.2.2 If the agency originates or adds content to a digital geospatial dataset and distributes it to other agencies or the public, does it offer the dataset in at least one format, which is readily usable by a variety of GIS software packages? | | |
| 3.2.3 If the agency acquires a federal or other public domain geospatial dataset, does it make it available to other agencies and the public via the agency’s Web site and/or the Texas Natural Resources Information System? | | |
| 3.2.4 If the agency originates or adds content to a digital geospatial dataset and distributes it to other agencies or the public, does it prepare standardized metadata documentation for each dataset, and distribute this metadata with the dataset? | | |
| 3.2.5 If the agency generates or contracts for positional data using field measurement techniques, does it utilize the North American Datum of 1983 (NAD83) for horizontal positional data and the North American Vertical Datum of 1988 (NAVD88) for vertical elevation data? | | |
Additional Rules and Requirements
| Requirement | | Month, Calendar Year (If In Progress or Planned) |
|---|---|---|
| 3.3.1 Agencies must adhere to the published standards when wiring or rewiring state-owned or state-leased space. [TAC §208] | | |
| 3.3.2 If the agency holds an open or closed meeting by videoconference call, the systems used must comply with the approved standards. [TAC §209] | | |
| 3.3.3 Agencies must purchase commodity software in accordance with contracts developed by the department, or obtain an approved waiver. [TAC §212] | | |
| 3.3.4 Agencies that receive IR technologies under a contract from another state entity, must solicit bids or proposals for the procurement of such technologies by giving public notice of a request for proposals or a request for bids. [TAC §204, TGC §2054.119] | | |
| 3.3.5 Agencies must manage electronic records according to the Electronic Records Standards and Procedures adopted by the Texas State Library and Archives Commission. [13 TAC §§6.91-6.97] | | |
| 3.3.6 Agencies must ensure that electronic records in their custody that have historical value to the state are properly preserved. [TGC §441.186] | | |
| 3.3.7 Agencies must remove restricted personal information from any associated storage device prior to the sale or transfer of data processing equipment, to other than another Texas state agency or agent of the state. [TGC §2054.130, TAC §202.28, TAC §202.78] | | |
| 3.3.8 Does the agency’s IRM have a four-year degree from a fully-accredited postsecondary institution (if appointed after September 1, 1992) and meet or exceed the continuing education requirements for FY2005? [TAC §211.11, TAC §211.21] | | |