Statement

Reviews of West Texas A&M University's information security program for compliance with Texas Administrative Code 202 standards will be performed by both internal reviews conducted by the ISO and by individual(s) independent of the information security program.

Applicability

This control applies to all West Texas A&M information resources. The intended audience for this control includes all information resource owners, custodians, and users of information resources.

Implementation

• The ISO and CIO will develop the assessment plan that defines the scope of the assessment that includes:
  • University security controls under review
  • Methods or procedures to determine control effectiveness
  • Assessment environment, team members and roles and responsibilities.
• A formal report will be prepared and presented to the CIO for review.
• Reviews of individual information resources or program components for compliance will be conducted by IT security throughout the year, based on risk management decisions.