The head of each state institution of higher education is ultimately
responsible for the security of state information resources. The head
of each state institution of higher education or his/her designated
representative(s), shall:
  (1) designate an Information Security Officer who has
the explicit authority and the duty to administer the information
security requirements of this chapter institution wide;
  (2) allocate resources for ongoing information security
remediation, implementation, and compliance activities that reduce
risk to a level acceptable to the institution head;
  (3) ensure that senior institution of higher education
officials and information-owners, in collaboration with the information
resources manager and information security officer, support the provision
of information security for the information systems that support the
operations and assets under their direct or indirect (e.g., cloud
computing or outsourced) control;
  (4) ensure that the institution of higher education
has trained personnel to assist the institution of higher education
in complying with the requirements of this chapter and related policies;

  (5) ensure that senior institution of higher education
officials support the institution of higher education Information
Security Officer in developing, at least annually, a report on institution
of higher education information security program, as specified in §202.71(b)(11)
and §202.73(a) of this chapter;
  (6) approve high level risk management decisions as
required by §202.75(4) of this chapter;
  (7) review and approve at least annually institution
of higher education information security program required under §202.74
of this chapter; and
  (8) ensure that information security management processes
are part of the institution of higher education strategic planning
and operational processes.


Source Note: The provisions of this §202.70 adopted to be effective March 17, 2015, 40 TexReg 1357