In an era where data security and risk management are paramount, Texas agencies and EDUs are mandated by TAC 202 to conduct biennial security and risk assessments. This encompasses not just internal systems, but Texas Government Code 2054, which also extends to cloud applications and third-party service providers through TX-RAMP. Our presentation delves into the heart of these requirements, exploring the rationale behind the laws and the practicalities of their implementation. Through a survey of various Texas agencies and EDUs, we have gleaned insights into the diverse approaches adopted to meet TAC 202 assessment requirements. Our focus is on the best practices for automating governance, risk, and compliance (GRC) responsibilities. We will discuss tools and methodologies that agencies are leveraging for thorough assessments of information systems, applications, and third-party service providers. Special attention is given to the integration of cloud services into the risk assessment framework, in line with TX-RAMP. This presentation will provide a practical guide with actionable strategies and tools to enhance agency risk assessment programs. By sharing real-world examples and best practices, we aim to foster a more secure and compliant information security landscape across Texas state agencies and EDUs.

Session Objectives:

• Gain insight into TAC 202 and TGC 2054 security assessment requirements and their impact on agencies' risk management programs.
• Learn best practices in risk assessment GRC Tools and automation for assessing risks in information systems, applications, and third-party services.
• Gain actionable real-world strategies for enhancing agency security, risk, and compliance programs.

PLATINUM SPONSOR: SALTY CLOUD

​​​​​​​