Information Resources Use and Security Policy

9.1. Under the guidance of the Information Security Office, the university shall conduct and document an information security risk assessment annually in accordance with 1 TAC 202.72 that identifies Category-I Digital Data in the central and all decentralized areas.

9.2. Information Resources must be protected based on sensitivity and risk.

9.3. The confidentiality, integrity, and availability needs of Digital Data must be managed as required by this Policy.

9.4. Data not otherwise deemed Category-I must be managed according to the appropriate minimum security standards and policies and, in the case of Research Data, according to federal guidelines for the responsible conduct of Research.