The head of each state agency is ultimately responsible for
the agency's information resources. The head of each state agency
or his/her designated representative(s) shall:
  (1) designate an Information Security Officer who has
the explicit authority and the duty to administer the information
security requirements of this chapter agency wide;
  (2) allocate resources for ongoing information security
remediation, implementation, and compliance activities that reduce
risk to a level acceptable to the agency head;
  (3) ensure that senior agency officials and information-owners,
in collaboration with the Information Resources Manager and Information
Security Officer, support the provision of information security for
the information systems that support the operations and assets under
their direct or indirect (e.g., cloud computing or outsourced) control;
  (4) ensure that the agency has trained personnel to
assist the agency in complying with the requirements of this chapter
and related policies;
  (5) ensure that senior agency officials support the
agency Information Security Officer in developing, at least annually,
a report on agency information security program, as specified in §202.21(b)(11)
and §202.23(a) of this chapter;
  (6) approve high level risk management decisions as
required by §202.25(4) of this chapter;
  (7) review and approve at least annually the agency
information security program required under §202.24 of this chapter;
and
  (8) ensure that information security management processes
are integrated with agency strategic and operational planning processes.


Source Note: The provisions of this §202.20 adopted to be effective March 17, 2015, 40 TexReg 1357