{"id":3216,"date":"2026-05-29T21:11:56","date_gmt":"2026-05-29T21:11:56","guid":{"rendered":"https:\/\/www.tarleton.edu\/technology\/?page_id=3216"},"modified":"2026-05-29T21:11:57","modified_gmt":"2026-05-29T21:11:57","slug":"tarleton-oits-security-of-electronic-resources-standard","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/technology\/tarleton-oits-security-of-electronic-resources-standard\/","title":{"rendered":"Tarleton OITS Security of Electronic  Resources Standard"},"content":{"rendered":"\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<h1 class=\"wp-block-heading\">Tarleton Office of Innovative Technology Solutions (OITS) <br>Security of Electronic Resources Standard<\/h1>\n\n\n\n<p>Effective: February 11, 2020<\/p>\n\n\n\n<p>Revised:\u00a0 May 29, 2026\u00a0<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\">\n<figure class=\"wp-block-image alignright size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.tarleton.edu\/technology\/wp-content\/uploads\/sites\/170\/2021\/12\/Tarleton_TonTexas.svg\" alt=\"The Tarleton State University logo\" class=\"wp-image-670\" style=\"width:159px;height:auto\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity has-vivid-cyan-blue-to-vivid-purple-gradient-background has-background is-style-wide\" \/>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedure Summary<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Tarleton State University (Tarleton or university), as a state university,\u00a0is required to\u00a0comply with\u00a0the <a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\" target=\"_blank\" rel=\"noreferrer noopener\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>.\u00a0TAC assigns responsibility for protection of informational resources to the president of the public university or agency. For the purposes of this standard, the authority and responsibility\u00a0regarding\u00a0the university\u2019s compliance with TAC 202 has been delegated by the President to the Associate Vice President and Chief Information Officer (CIO) of the Office of Innovative Technology Solutions (OITS).\u00a0\u00a0<\/p>\n\n\n\n<p>Please see the <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a> for additional information and requirements.<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Procedures and Responsibilities<\/strong>&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Information Security Officer (ISO) or Chief information Security Officer (CISO) has been\u00a0designated\u00a0as the individual responsible for administering the provisions of this standard and TAC 202 in coordination with the CIO.\u00a0\u00a0<\/li>\n\n\n\n<li>The head or director of a department shall\u00a0be responsible for\u00a0ensuring that\u00a0their department incorporates appropriate security\u00a0program requirements and that compliance with TAC 202, this standard, and the Tarleton Security Controls Catalog is\u00a0maintained\u00a0for information systems owned and operated\/used by their department.\u00a0\u00a0<\/li>\n\n\n\n<li>The head or director of a department which provides operational support (custodian) for information systems owned by another Tarleton department shall have the responsibility for ensuring that\u00a0the department incorporates appropriate security\u00a0program requirements and that compliance with TAC 202, this standard, and the Tarleton Security Controls Catalog is\u00a0maintained\u00a0for information systems owned and operated\/used by the department.\u00a0\u00a0<\/li>\n\n\n\n<li>Operational responsibility for compliance with TAC 202 may be delegated by the department head or director to the\u00a0appropriate information\u00a0system\u00a0support\u00a0personnel (e.g.\u00a0system administrators) within the department.\u00a0\u00a0<\/li>\n\n\n\n<li>Mission Critical or Confidential Information\u00a0maintained\u00a0on information resources such as servers, individual workstations, and portable devices must be afforded the\u00a0appropriate safeguards\u00a0stated\u00a0in the TAC 202, the Tarleton Security Controls Catalog, and other applicable university rules and administrative standards. It is the responsibility of the information resource owner or designee to ensure that adequate security measures are in place.\u00a0\u00a0<\/li>\n\n\n\n<li>The information owner, or their designee,\u00a0is responsible for\u00a0ensuring that the\u00a0risk\u00a0mitigation measures described in applicable university rules and standards are implemented.\u00a0In accordance with\u00a0<a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\" target=\"_blank\" rel=\"noreferrer noopener\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a>, each department and\/or resource owner may elect not to implement some or all of the risk mitigation measures provided in this standard based on information security risk management decisions and business functions. Such risk management decisions must be documented and reported to the designated information security officer. <\/li>\n<\/ul>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Definitions<\/h2>\n\n\n\n<p><strong>Confidential Information<\/strong>: information that is excepted from disclosure requirements under the provisions of applicable state or federal law, e.g. the Texas Public Information Act.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Custodian of an Information Resource<\/strong>: A person responsible for implementing owner defined controls and access to an information resource. Custodians may include state employees, vendors, and any third party acting as an agent of, or otherwise on behalf of the state entity.\u00a0\u00a0<\/p>\n\n\n\n<p><strong>Information Resources (IR)<\/strong>: the standards, equipment, and software that are designed, employed, operated, and maintained to collect, record, process, store, retrieve, display, and transmit information or data.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Information Security Officer (ISO) \/ Chief Information Security Officer (CISO)<\/strong>: responsible for administering the information security functions within the university and reports to the information resources manager (IRM).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Mission Critical Information<\/strong>: information that is defined by the university or information resource owner to be essential to the continued performance of the mission of the university or department. Unavailability of such information would result in more than an inconvenience. An event causing the unavailability of mission critical information would result in consequences such as significant financial loss, institutional embarrassment, failure to comply with regulations or legal obligations, or closure of the a department or the university.&nbsp;&nbsp;<\/p>\n\n\n\n<p><strong>Owner of an Information Resource<\/strong>: an entity responsible for a business function and for determining controls and access to information resources supporting that business function.\u00a0\u00a0<\/p>\n\n\n\n<p><strong>User of an Information Resource<\/strong>: An individual or automated application authorized to access an information resource in accordance with the information resource owner\u2019s defined controls and access rules for the purpose specified by the owner; complying with controls established by the owner; and preventing disclosure of confidential or sensitive information.\u00a0\u00a0<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Related Statutes, Policies, or Requirements<\/strong>&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/texas-sos.appianportalsgov.com\/rules-and-meetings?chapter=202&amp;interface=VIEW_TAC&amp;part=10&amp;title=1\" target=\"_blank\" rel=\"noreferrer noopener\">Texas Administrative Code (TAC) Chapter 202 \u2010 Information Security Standards<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/32-02.pdf\">TAMUS Policy 32.02, Discipline and Dismissal of Employees<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/32-02-02.pdf\">TAMUS Regulation 32.02.02, Discipline and Dismissal of Nonfaculty Employees<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01.pdf\">TAMUS Policy 29.01, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-02.pdf\">TAMUS Regulation 29.01.02, Use of Licensed Software<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-03.pdf\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-04.pdf\">TAMUS Regulation 29.01.04, Accessibility of Electronic and Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-05.pdf\">TAMUS Regulation 29.01.05, Artificial Intelligence<\/a><\/p>\n\n\n\n<p><a href=\"http:\/\/policies.tamus.edu\/29-01-06.pdf\">TAMUS Regulation 29.01.06, Covered Applications and Prohibited Technologies<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_03_T0_01.pdf\">Tarleton SAP 29.01.03.T0.01, Information Resources &#8211; Acceptable Use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/\">Tarleton Security Controls Catalog<\/a><\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Contact Office<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Office of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>AVP and CIO of Innovative Technology Solutions&nbsp;<\/p>\n\n\n\n<p>254-459-5685&nbsp;<\/p>\n\n\n\n<div style=\"height:40px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tarleton Office of Innovative Technology Solutions (OITS) Security of Electronic Resources Standard Effective: February 11, 2020 Revised:\u00a0 May 29, 2026\u00a0 Procedure Summary&nbsp; Tarleton State University (Tarleton or university), as a &#8230;<\/p>\n","protected":false},"author":94,"featured_media":580,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"template-fullwidth.php","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-3216","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/technology\/author\/jgeorge\/","display_name":"jgeorge"},"relative_dates":{"created":"Posted 14 hours ago","modified":"Updated 14 hours ago"},"absolute_dates":{"created":"Posted on May 29, 2026","modified":"Updated on May 29, 2026"},"absolute_dates_time":{"created":"Posted on May 29, 2026 9:11 pm","modified":"Updated on May 29, 2026 9:11 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/users\/94"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/comments?post=3216"}],"version-history":[{"count":1,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3216\/revisions"}],"predecessor-version":[{"id":3217,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/pages\/3216\/revisions\/3217"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/technology\/wp-json\/wp\/v2\/media?parent=3216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}