Information for Executive Leadership

On this page:

How to Designate Required Agency Roles

Things to Know about Cybersecurity

Information about IT Procurement and Contracting

Using DIR's Shared Technology Services

Technology is an important aspect of how your agency conducts business. At DIR, we’re here to help. As the executive director or head of an agency, you have a lot on your plate. To make your job a little easier, we’ve created this page as a reference point for everything you need to be aware of regarding statewide technology policies, requirements for your agency, designating specific roles at your agency, and other helpful information.

Reporting Requirements 

DIR is dedicated to helping your agency plan for the successful implementation of technology products and services. In some cases, you may be asked to sign certain plans or reports before they are submitted to DIR. You can find information about the required reports and the timing for these here: https://dir.texas.gov/strategic-planning-and-reporting.

In addition, every even numbered year, agencies must complete the Information Security Plan. DIR has instructions on preparing the plan along with a helpful template to get started.

The Prioritization of Cybersecurity and Legacy Systems Projects (PCLS) is also due every even year. DIR reports on state agency cybersecurity projects and efforts to modernize or replace legacy systems at the start of every legislative session. 

Designating a required role at your agency:

As the head of an agency, you will need to designate several roles at your agency. These designations include Information Security Officers (ISOs), Information Resources Managers (IRMs), Electronic Information Resources Accessibility Coordinators (EIRAC), and, for agencies and institutions of higher education with more than 150 full-time employees, a Data Management Officer (DMO).

An Information Security Officer (ISO) is the person inside every state agency who has the explicit authority and duty to administer information security requirements. Each state agency is required to designate an ISO by the Texas Administrative Code.  

Designate an ISO

 

An Information Resources Manager (IRM) is responsible for overseeing IT, IT reporting, and technology compliance.

Designate an IRM

A Data Management Officer supports the agency’s strategic operations and planning by defining, communicating, and drives the implementation of enterprise-wide data governance and data management methodologies. 

Designate a DMO

EIR Accessibility Coordinators provide leadership and guidance, ensure compliance, and promote EIR accessibility for their organization.

Designate an EIRAC

State Agency Customers

Learn more about how DIR supports our state agency customers

Cybersecurity

DIR provides cybersecurity products and services as well as guidance and help so you have the necessary tools to protect your agency’s vital information resources. DIR offers a few security services at no cost to agencies: network penetration testing and network assessments. If you need more information about these services or have questions, please contact DIR’s Office of the Chief Information Security Officer (OCISO) for assistance.

We’ve also compiled a comprehensive Security Services Guide that outlines all our security products and services currently available to our customers. This guide was developed to provide a single source of all security-related services available from DIR as well as how, when, and where to get assistance and support from DIR’s OCISO team. More items of interest include:

.TX-RAMP provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies.

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires state and local government employees and officials to complete a certified training program every year. The statute also requires state government contractors to complete a certified training program.

You can find more information about the mandatory security training here: https://dir.texas.gov/information-security/statewide-cybersecurity-awareness-training

The TX-ISAO provides a forum for public entities in Texas to share information regarding cybersecurity threats, best practices, and remediation strategies. By joining the TX-ISAO, you will have access to intelligence and educational opportunities, and be able to participate in information sharing.

Cybersecurity is a team sport. While DIR establishes the security policies and procedures for the state, we rely on our agency partners to help ensure best practices are in place to protect the state’s information resources through incident management and reporting.

DIR is ready to help before, during, and after a cybersecurity incident. We also have helpful incident response resource guides, templates, and other resources to assist you in building a robust incident management and response program.

Contracts and Procurement with DIR

DIR administers cooperative contracts for technology products and services for the state. State agencies are required to purchase through DIR for all hardware, software, and technical services. You can easily find IT products on our website by searching for the product type, product name, vendor, or commodity code. We’ve already negotiated with our vendor partners and all our contracts comply with state procurement rules.

State Agencies are required through Gov’t Code 2157.068 to meet bid threshold requirements for IT commodity purchases for hardware, software, and technology services. Thresholds apply to all purchases through the Cooperative Contracts Program.  

Per TGC 2157.0685, your agency is required to submit SOWs for DIR review and approval prior to solicitation to Vendors (if the award value is over $50,000). 

If you have questions about the SOW process, please contact DIR’s SOW Support team: [email protected].

Take advantage of DIR’s bulk purchasing opportunities to save even more on technology solutions. Even better, your agency does not have to buy in bulk quantities to take advantage of these discounts. You can view the current opportunities here: https://dir.texas.gov/it-solutions-and-services/buying-through-dir/bulk-purchasing

While your agency is required to purchase technology through DIR, there are cases in which an exemption can be requested. Exemptions are available for Cooperative Contracts, Communications Technology Services (CTS), and Shared Technology Services (STS) but they must meet specific criteria to be approved. Please refer to our exemption page on our website to determine the criteria that best fits for the specific exemption. 

If your agency is also a DCS customer, you will need to submit exemptions for that program in addition to any requested exemptions required for the Cooperative Contracts program.

Shared Technology Services 

At DIR, we understand that for many organizations, managing technology can be a challenge with limited resources and money. That’s why our Shared Technology Services (STS) exists: so you can treat IT as a service. We’ll help you secure high-quality IT services that are suited to your needs - empowering you to allocate more resources to your mission. 

The Texas Data Center Services program (DCS) allows state and local governmental entities to outsource management of technology infrastructure services. DCS provides secure connectivity to select public and private clouds designed around government security and disaster recovery requirements, and flexible service tiers to meet differing needs and budgets. Joining the program allows you to delegate infrastructure management. Data Center Services include:

  • Technology Solution Services
  • Texas Private Cloud
  • Public Cloud Manager
  • Application Services
  • Mainframe Services
  • Print, Mail and Digitization 

Managed Security Services (MSS) provides comprehensive IT security services for Texas agencies and DIR customers in three functional categories: Incident Response (IR), Risk and Compliance (RnC), and Security Monitoring + Device Management (SMDM). Each area contains multiple services to meet modern security needs and use DIR pre-negotiated, highly competitive pricing. 

With MSS, you can outsource security services, meet legislative security requirements, mitigate risks, and fill skillset gaps within a secure computing environment. 

Texas.gov is the state's official digital government program. You can tap in easily to portal and payment services to cost-effectively conduct business online with your customers. The program leverages enterprise-wide services and infrastructure components to provide solutions that meet or exceed state mandated requirements regarding accessibility, security, privacy, and integration with the Texas Comptroller of Public Accounts. 

The Texas Open Data Portal (ODP) is a secure data sharing environment that offers you the following benefits: 

  • reduce public information requests by redirecting constituents to the ODP, 
  • self-service data consumption, 
  • transparency through open data, 
  • data "stories" with visualizations and performance measures that can be embedded in your website 
  • automatically updated data.

We invite you to join one of our STS Governance groups to help shape the future of the program:

  • Business Executive Leadership Committee (BELC)
  • IT Leadership Committee (ITLC)
  • Texas.gov Solution Group
  • Public Cloud Solution Group
  • Contracts and Finance Solution Group
  • Geographic Information Solution Group
  • Security Solution Group
  • Private Cloud and Mainframe Solution Group
  • Texas Digital Identify Solution Group
  • Public Cloud Solution Group

Disclaimer

The Texas Department of Information Resources (DIR) compiled the below list of statutes and rules to assist newly onboarded state agency heads in identifying appropriate next steps for information technology requirements with which their agency may need to comply. This list is provided solely for informational purposes. This does not constitute legal advice, nor it is a comprehensive list of all legal requirements to which your agency is subject. You should contact your agency’s legal counsel to discuss any statutory, regulatory, or other requirements to which your agency is subject. 

 

Want More Information?

DIR stands ready to help advance your technology needs. Reach out to us!

Chief Experience Office

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.