SPECTRIM Hiearchy
SPECTRIM has an organizational hierarchy that allows information resources to be split up and assessed based on ownership. This is important for large organizations with decentralized IT environments. Organization, Division, and Risk Assessable Unit (RAU) are the three organizational levels within SPECTRIM.
Image 1: SPECTRIM Hierarchy
Organization Level
The highest unit level within SPECTRIM is an Organization consisting of state agencies and/or institutions of higher education. A Texas A&M University branch campus may be considered an Organization due to reporting requirements (i.e. Incident Management and Analysis, Agency Security Plan).
State agencies affiliated with Texas A&M University (e.g. Texas AgriLife Research (A&M), Texas A&M Engineering Experiment Station (TEES), etc.) are considered their own Organization within SPECTRIM as shown in Table 1. Information resources belonging to Texas A&M University that are used by a state agency must be assessed under the Texas A&M University Organization within SPECTRIM.
SPECTRIM automatically assigns a unique identifying number to each Organization.
Table 1: Organizations listed in SPECTRIM
| Organization Number | Organization |
| 556 | Texas AgriLife Research (A&M) |
| 709 | Texas A&M University System Health Science Center |
| 711 | Texas A&M University |
| 712 | Texas A&M Engineering Experiment Station (TEES) |
| 718 | Texas A&M University - Galveston |
| 727 | Texas Transportation Institute |
Division Level
Divisions are below the Organization in SPECTRIM. Each college, division, school, and branch campus (i.e. Galveston, Qatar) of Texas A&M University has its own Division name. A branch campus that is considered an Organization as shown in Table 1 will still be listed as a Division as shown in Table 2 under the Texas A&M University Organization for IT risk assessment reporting.
SPECTRIM automatically assigns a unique identifying number to each Division within an Organization.
Table 2: Divisions listed under the Texas A&M University Organization within SPECTRIM
|
Division Number
|
Division
|
| 1 | College of Science |
| 2 | College of Education and Human Development |
| 3 | College of Geosciences |
| 4 | Bush School of Government and Public Service |
| 5 | College of Agriculture and Life Sciences |
| 6 | College of Architecture |
| 7 | College of Engineering |
| 8 | College of Liberal Arts |
| 9 | College of Veterinary Medicine and Biomedical Sciences |
| 10 | Division of Academic Affairs |
| 11 | Division of Finance and Administration |
| 12 | Division of Human Resources and Organizational Effectiveness |
| 13 | Division of Marketing and Communications |
| 14 | Division of Research |
| 15 | Division of Student Affairs |
|
16
|
Galveston Campus |
|
17
|
Mays Business School |
|
18
|
Qatar Campus |
|
19
|
School of Law |
|
20
|
Texas A&M Athletic Department |
|
21
|
Texas A&M Information Technology |
|
22
|
University Libraries |
Risk Assessable Unit
A Risk Assessable Unit (RAU) is the lowest unit level available to split a college or division in SPECTRIM. It allows D-RAC(s) to focus on a single assessable unit like a department or state entity that is affiliated with a college or division and helps ensure all information resources within a college or division are assessed. The number of RAUs will depend on how the college or division IT environment is set up.
IT Environment:
-
Centralized – one or two RAUs for the college or division
-
Decentralized – one RAU for each department or affiliated state agency in the college or division
RAUs allow for flexibility while still maintaining the structure of how information resources are grouped into components (i.e. Application, Location, Network). The D-RAC should contact Texas A&M IT Risk Management and Policy at ra@tamu.edu if they have any questions or ideas about how best to split their college or division into RAUs based on their IT environment.