07.A.03 – Responsibilities for Information Technology Resources

Section: Information Technology

Area: Computing Services

PDF version

1. PURPOSE

The purpose of this document is to comply with requirements of the state of Texas Department of Information Resources regarding the designation of an Information Resources Manager and Information Security Officer for the University of Houston System (UH System) and each university and to provide for the sharing of information between the UH System and university Information Resource Managers and Information Security Officers.

2. POLICY

2.1. Information Resources Manager

2.2.1. The Senior Associate Vice Chancellor for Information Technology and Chief Information Officer is the designated Information Resources Manager (IRM) for the UH System pursuant to Texas Government Code, Section 2054, Subchapter D , and has oversight for the administration of the requirements of this document.

2.2.2. Each university must designate an IRM pursuant to Texas Government Code, Section 2054, Subchapter D . Each university IRM will have a dotted-line reporting relationship to the UH System IRM.

2.2.3. The UH System IRM and university IRMs will collaborate on information technology initiatives and share practices across the UH System and the universities.

2.2. Information Security Officer

2.2.1. The Assistant Vice Chancellor of IT Security is the designated Chief Information Security Officer (CISO) for the UH System pursuant to Texas Administrative Code, Rule 202.71 .

2.2.2. Each university must designate an Information Security Officer (ISO) pursuant to Texas Administrative Code, Rule 202.71 . Each university ISO will report directly to the UH System CISO and have a dotted line reporting relationship to the university Chief Information Officer. The ISO for each university is required to have in place security policies, procedures and standards consistent with those required by Texas Administrative Code, Chapter 202, Information Security Standards . The university ISO's office will be located at the university to which they are designated.

2.2.3. The UH System CISO working together with university ISOs is responsible for implementing and maintaining a comprehensive information security program for the UH System that complies with applicable law (including Texas Administrative Code, Rule 202.71 ), established industry security standards and practices, and UH System policies and procedures.

2.3. UH System Information Security Program Advisory Council

The UH System Information Security Program Advisory Council (Council) serves to keep senior leadership informed of the state of the UH System Information Security program and provide guidance for security initiatives. The UH System Chief Information Security Officer is responsible for regular reporting to the Council. The Council consists of the following UH System members:

2.3.1. UH System Chief Audit Executive

2.3.2. UH System Compliance Officer

2.3.3. UH System General Counsel/Chief Privacy Officer

2.3.4. UH System Chief Human Resources Officer

2.3.5. UH System Chief Information Officer

2.3.6. UH System Chief of Police

2.4. Reporting Requirements

2.4.1. Any required report submitted to the State by a university Information Resource Manager (IRM) or Information Security Officer (ISO) must also be submitted to the UH System IRM or Chief Information Security Officer (CISO).

2.4.2. Any report required by the State to be generated by a university IRM or ISO must be submitted to the UH System IRM or CISO.

2.4.3. Any report required by UH System or university policy must be submitted to the UH System IRM or CISO.

2.4.4. Any report submitted by a university ISO or CISO on behalf of the university must also be submitted to the university IRM.

Issued: 11/17/1994
Last Reviewed/Revised: 11/23/2023
Responsible Office(s): Information Technology