The approval process by which deans and vice presidents sign off on the annual information security assessments requires coordination between Texas A&M IT and the Division Risk Assessment Coordinator (D-RAC) from the college or division.

Process:

| Step | Personnel | Action |
|------|-----------|--------|
| 1 | Assessor | Respond to all findings (i.e. corrective action, risk management decision) |
| 2 | Division Risk Assessment Coordinator | Notify Texas A&M IT that all risk assessments and related findings are complete |
| 3 | Texas A&M IT | Create a college/division executive summary which includes: • Decisions or actions that the CISO thinks may deserve additional consideration • Aggregate data for the college/division • Dean/VP signature page |
| 4 | Texas A&M IT | Prepare PDFs of all risk assessments in the college/division |
| 5 | Texas A&M IT | Send documentation (i.e. college/division executive summary, all risk assessments) to the D-RAC |
| 6 | Division Risk Assessment Coordinator | Submit documentation to the dean/VP for signature |
| 7 | Dean or VP | Review and approve college/division executive summary |
| 8 | Division Risk Assessment Coordinator | Submit signed dean/VP signature page to Texas A&M IT |
| 9 | Texas A&M IT | Create university executive summary which includes: • Decisions or actions the CISO thinks may deserve additional consideration • Aggregate data for the university • CISO signature page |
| 10 | Chief Information Security Officer (CISO) | Review and approve university executive summary |
| 11 | CISO | Submit university executive summary to the CIO & President |