(a) Each DCS Customer shall provide to the department
the name, title, contact information, including emergency contact,
of the designated employee(s) authorized to initiate, change, or modify
services. At a minimum it shall include:
(1) Executive level technology officer such as a Chief
Information Officer or Information Resources Manager; and
(2) Customer Representative.
(b) Each DCS Customer is responsible for ensuring that
its use of DCS services is in compliance with applicable law, policy,
and procedures.
(c) For software products not initially procured by
or through the DCS program on behalf of DCS Customer, the DCS Customer
shall coordinate with the DCS program to ensure complete documentation
of entitlement is on file. The DCS Customer is responsible for providing
proof of entitlement to the software and is accountable for software
license compliance.
(d) Audit notification.
(1) DCS Customers shall promptly notify the department
whenever the Customer becomes aware that an audit or compliance review
is planned by external, internal, software vendor, or federal oversight
auditors that will require audit assistance from the DCS program Service
Providers. In any event, where audit assistance is required, the DCS
Customer shall notify the department of planned audit or compliance
review no less than five business days prior to anticipated start
of audit or compliance review.
(2) In performing audits, DCS Customers shall endeavor
to avoid unnecessary disruption of the DCS program operations and
duplication of other audits. Therefore, DCS Customers shall leverage
SOC or comparable audits provided for under the DCS contract, to the
extent possible.
(3) The state auditor, the department's internal auditors,
an institution of higher education's internal auditors, and if applicable,
the Office of Inspector General of the institution of higher education,
or federal auditors, may conduct audits or investigations of any entity
receiving funds from the state directly under a contract or indirectly
under a subcontract for Statewide Technology Center Services.
(4) A DCS Customer may request copies of audit reports
submitted to the department as required by the DCS contract and governed
by the Auditing Standards Board of the American Institute of Certified
Public Accountants (AICPA) or successor group. The requesting DCS
Customer should submit the request to the DCS Audit Coordinator at
the department. Due to the confidential nature of information in the
report, the requesting DCS Customer shall only distribute the report
to its staff that have a legitimate business need for access to the
report and may not distribute the report to external auditors or entities.
External auditors that require access to a report in connection with
an audit of a DCS Customer must contact the DCS Audit Coordinator
and sign a non-disclosure agreement prior to receiving a copy of the
report.
(e) Technology planning.
(1) Each DCS Customer will participate in an annual
DCS technology planning process based on instructions provided in
the technology planning process as documented in the Service Management
Manual. This planning will relate to the services the DCS Customer
receives or expects to receive through the program.
(2) All DCS Customers shall follow the technology standards
for hardware and software configurations as specified in the annual
technology plan and Service Management Manual. DCS Customers seeking
exception to specified technology standards shall comply with the
relevant Service Management Manual.
(f) Governance process.
(1) All DCS Customers will participate in the governance
process designed to facilitate individual customer input into enterprise
decisions that affect all customers. Each customer is assigned to
a group of similar customers, called a "partner group", and that group
will be given one membership position on each governance committee.
Members of the partner group are expected to represent the interests
of all partner group members in governance decisions.
(2) Enterprise-level decisions and resolution of escalated
DCS Customer-specific issues shall be addressed through standing governance
committees, organized by subject area and comprised of representatives
from the department, DCS Customers, and service providers. Participation
on committees is selected from each designated partner group.
(g) Confidential data.
(1) DCS Customer shall provide its specific confidentiality
requirements as determined by the nature of the data stored in the
DCS program. Generally, the specific confidentiality requirements
shall be appended to the interagency contract. The Service Management
Manual shall provide additional documentation on the specific procedures,
including the process DCS Customers shall follow to identify confidential
information.
(2) In general, a DCS Customer shall include in the
interagency agreement:
(A) General notification as to the type of confidential
data and the laws that guide in the handling of such data; and
(B) Subsequent changes to laws that apply to previously
identified confidential data.
(h) Security.
(1) DCS Customers shall comply with the Security Incident
Management and Response process available in the Service Management
Manual.
(2) DCS Customers shall be in compliance with 1 Texas
Administrative Code Chapter 202.
|
Source Note: The provisions of this §215.32 adopted to be effective March 17, 2015, 40 TexReg 1368; amended to be effective September 17, 2018, 43 TexReg 5948; amended to be effective August 1, 2021, 46 TexReg 4681 |