Information Security Plan

On this page:

What is the Information Security Plan?

FInd helpful documents and templates

See considerations for cybersecurity planning

What is the Information Security Plan? 

The Information Security Plan is a report that state agencies, public universities, and junior colleges are required to complete every even-numbered year. These reports are completed through the SPECTRIM portal and are due on June 1. 

In developing Information Security Plans, agencies should:  

  • Consider any vulnerability report prepared under Section 2054.077, Texas Government Code.  

  • Incorporate NSOC network services provided to the agency.  

  • Identify and define the responsibilities of agency staff relating to information custodianship.  

  • Identify risk management activities and other measures taken to protect agency information from unauthorized access, disclosure, modification, or destruction 

  • Include information security best practices or a written explanation of why best practices are not sufficient, if applicable. 

Agencies should take care to omit information that could expose vulnerabilities in the agency's network or information systems from any written copies of the plan.  

Information Security Plan Template 

The Information Security Plan template gives agencies: 

  • A method for reporting on the types of controls they have in place 

  • An evaluation of their ability to operate the control environment at their required level 

  • A standardized approach for preparing the agency’s ongoing security plan 

  • The Information Security Plan is available in the SPECTRIM Portal. 

Information Security Plan Documents and Links 

The documents listed here apply to the Security Plans due in 2024 and are intended for reference. 

Information Security Plan Instructions (PDF)

Information Security Plan Template (XLSX)

Note: Agencies, Institutions of Higher Education, and Community Colleges are required to submit their security plans via the SPECTRIM portal.  This template is intended to be a supplemental resource for planning purposes, or for non-required reporting entities to leverage to align with state information security planning processes. 

Executive Sign Off Acknowledgement Form (DOCX) 

Note: The submission of this form may only be completed by uploading the document via the SPECTRIM portal in the appropriate Security Plan Template Section. 

Vulnerability Report Questionnaire (PDF) 

Note: The vulnerability questionnaire must be completed within the SPECTRIM portal.  The questionnaire can be launched by navigating to the security plan template overall record. 

2024 Information Security Plan Overview Webinar (On Demand)

Need Help with SPECTRIM?

If you have issues with the SPECTRIM portal, please contact us.

Need Help with the Plan?

If you have questions about the contents of your security plan or related legislation, please contact us.

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.