SPECTRIM has an organizational hierarchy that allows information resources to be split up and assessed based on ownership. This is important for large organizations with decentralized IT environments. Organization, Division, and Risk Assessable Unit (RAU) are the three organizational levels within SPECTRIM.

Image 1: SPECTRIM Hierarchy


Organization Level

The highest unit level within SPECTRIM is an Organization consisting of state agencies and/or institutions of higher education. A Texas A&M University branch campus may be considered an Organization due to reporting requirements (i.e. Incident Management and Analysis, Agency Security Plan).

State agencies affiliated with Texas A&M University (e.g. Texas AgriLife Research (A&M), Texas A&M Engineering Experiment Station (TEES), etc.) are considered their own Organization within SPECTRIM as shown in Table 1. Information resources belonging to Texas A&M University that are used by a state agency must be assessed under the Texas A&M University Organization within SPECTRIM.

SPECTRIM automatically assigns a unique identifying number to each Organization.

Table 1: Organizations listed in SPECTRIM

Organization Number Organization
556 Texas AgriLife Research (A&M)
709 Texas A&M University System Health Science Center
711 Texas A&M University
712 Texas A&M Engineering Experiment Station (TEES)
718 Texas A&M University - Galveston
727 Texas Transportation Institute

Division Level

Divisions are below the Organization in SPECTRIM. Each college, division, school, and branch campus (i.e. Galveston, Qatar) of Texas A&M University has its own Division name. A branch campus that is considered an Organization as shown in Table 1 will still be listed as a Division as shown in Table 2 under the Texas A&M University Organization for IT risk assessment reporting.

SPECTRIM automatically assigns a unique identifying number to each Division within an Organization.

Table 2: Divisions listed under the Texas A&M University Organization within SPECTRIM

Division Number
1 College of Science
2 College of Education and Human Development
3 College of Geosciences
4 Bush School of Government and Public Service
5 College of Agriculture and Life Sciences
6 College of Architecture
7 College of Engineering
8 College of Liberal Arts
9 College of Veterinary Medicine and Biomedical Sciences
10 Division of Academic Affairs
11 Division of Finance and Operations
12 Division of Human Resources and Organizational Effectiveness
13 Division of Marketing and Communications
14 Division of Research
15 Division of Student Affairs
Galveston Campus
Mays Business School
Qatar Campus
School of Law
Texas A&M Athletic Department
Division of Information Technology
University Libraries

Risk Assessable Unit

A Risk Assessable Unit (RAU) is the lowest unit level available to split a college or division in SPECTRIM. It allows D-RAC(s) to focus on a single assessable unit like a department or state entity that is affiliated with a college or division and helps ensure all information resources within a college or division are assessed. The number of RAUs will depend on how the college or division IT environment is set up.

IT Environment:

  • Centralized – one or two RAUs for the college or division

  • Decentralized – one RAU for each department or affiliated state agency in the college or division

RAUs allow for flexibility while still maintaining the structure of how information resources are grouped into components (i.e. Application, Location, Network). The D-RAC should contact the Division of IT at ra@tamu.edu if they have any questions or ideas about how best to split their college or division into RAUs based on their IT environment.