24.99.99.R1.02 Information Technology Risk Assessment/Strategic Planning

Effective: April 4, 2007

(1) Risk Assessment
The steps for producing the Texas A&M University-Commerce Information Technology Risk Assessment are as follows:

  1. Administrators for each Information Technology Resource are to use the Information Security Awareness, Assessment, and Compliance for The Texas A&M University System (ISAACS) for risk assessment.

  1. Administrators will complete the ISAACS survey and forward a copy of the assessment to the Director of Information Technology.

  1. The Director of Information Technology Services will use the information from each individual ISAACS reports to produce a comprehensive campus information security risk analysis.

  1. The comprehensive campus information security risk analysis will be prepared annually and presented to the Vice-President for Business and Administration (VPBA) for review and approval by the President’s Advisory Council (PAC).

(2) Information Technology Strategic Planning
Texas Government Code (TGC) §2054.095 requires each state agency, including institutions of higher education, to prepare a strategic plan for information resources management (IRSP) on a biennial basis. Statute requires that each IRSP align with the State Strategic Plan for Information Resources Management (SSP).

Future Information Resources Strategic Plans will be developed using the following steps:

  1. A committee headed by the Director of Information Technology and consisting of the Director of Instructional Technology and Distance Education, the Director of Financial Aid, the Director of Libraries, the University Registrar, the Director of Undergraduate Admissions and the Director of Financial Services will engage in a series of meetings to produce a new Information Resources Strategic Plan.

  1. The plan produced must support the University Strategic Plan and the State Strategic Plan for Information Resources Management.

  1. The Director of Information Technology will present the plan to the Vice-President for Business and Administration (VPBA).

  1. The Vice-President for Business and Administration will present the plan to the President’s Advisory Council (PAC) for approval.

Contact for Interpretation: Vice President for Business and Administration