Technology Risk Assessment Program

Acquisition of Technology Resources

New cybersecurity laws require the acquisition of technology resources to be reviewed to ensure compliance with federal and state requirements. IT Compliance coordinates technology risk assessments for technology resources. 


Effective January 1, 2022, cloud computing services must be certified by the State of Texas Department Information Resources (DIR) Texas Risk and Authorized Management Program (TX-RAMP). 

The Technology Risk Assessment process integrates TX-RAMP into the technology review process. Requests are reviewed based on TX-RAMP assessment levels: ​

  • Level 1 Risk Assessment – Low Impact or no confidential data.
  • Level 2 Risk Assessment – Moderate/High Impact resources or uses confidential data.

To initiate the technology risk assessment of your technology acquisition, please submit a Technology Acquisition Questionnaire. Department and IT Vendor Checklists are available in the Help Links section for assistance.

Helpful Links