Explanation/Context
Section 2054.0593 of the Texas Government Code (enacted by SB 475, 87th Texas Legislature, Regular Session (2021)) requires the Texas Department of Information Resources (DIR) to establish and implement a state risk and authorization management program to provide a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of Texas state agencies.
DIR by rule is to prescribe:
(1) the categories and characteristics of cloud computing services subject to the state risk and authorization management program; and
(2) the requirements for certification through the program of vendors that provide cloud computing services.
DIR shall evaluate vendors to determine whether a vendor qualifies for a certification issued by DIR reflecting compliance with program requirements. Institution must ensure that each contract for cloud computing services that it enters into or renews on or after January 1, 2022, complies with Section 2054.0593.
As a result, Institution must require a contractor to comply with the requirements of such a state risk and authorization management program and maintain program compliance and certification throughout the term of a cloud computing services contract. Institution may not enter into or renew a contract to purchase cloud computing services that are subject to the state risk and authorization management program unless the contractor demonstrates compliance with program requirements.