TX-RAMP Information

“Cloud computing services” is defined in Texas Government Code § 2054.0593(a); however, a
state agency may use the below list to assist it in determining whether the product, application,
or service in question is a cloud computing service. A state agency should also consult with its
legal counsel to determine whether Texas Government Code § 2054.0593 is applicable to the
offering in question. Essential characteristics of a cloud computing service are:

• On-demand Self-service. A consumer can unilaterally provision computing capabilities,
  such as server time and network storage, as needed automatically without requiring
  human interaction with each service provider.
• Broad Network Access. Capabilities are available over the network and accessed
  through standard mechanisms that promote use by heterogeneous thin or thick client
  platforms (e.g., mobile phones, tablets, laptops, and workstations).
• Resource Pooling. The provider’s computing resources are pooled to serve multiple
  consumers using a multi-tenant model, with different physical and virtual resources
  dynamically assigned and reassigned according to consumer demand. There is a sense of
  location independence in that the customer generally has no control or knowledge over
  the exact location of the provided resources but may be able to specify location at a
  higher level of abstraction (e.g., country, state, or datacenter). Examples of resources
  include storage, processing, memory, and network bandwidth.
• Rapid Elasticity. Capabilities can be elastically provisioned and released, in some cases
  automatically, to scale rapidly outward and inward commensurate with demand. To the
  consumer, the capabilities available for provisioning often appear to be unlimited and
  can be appropriated in any quantity at any time.
• Measured Service. Cloud systems automatically control and optimize resource use by
  leveraging a metering capability at some level of abstraction appropriate to the type of
  service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage
  can be monitored, controlled, and reported, providing transparency for both the
  provider and consumer of the utilized service.

We have worked all of 2022 to reach out to all UTSA Data Owners in our records that are using Cloud Services to get them into the TX-RAMP system. A Vendor not in the TX-RAMP system could stall or halt a future Cloud Service purchase or renewal in the new year, 2023.

In 2022, DIR allowed state agencies to sponsor temporary TX-RAMP Provisional Statuses. TX-RAMP Provisional Status provides a provisional product certification permitting a state agency to contract for the use of a product for up to 18 months without receiving full TX-RAMP certification. UTSA can assist by standing in as a Sponsor for TX-RAMP Provisional Status to get your Cloud Service into the TX-RAMP system.

If a UTSA Data Owner using cloud services that are subject to TX-RAMP would like UTSA to stand in as a Sponsor before the end of November 2022, please acquire your Vendor’s blessing, and then contact the UTSA Office of Information Security (informationsecurity@utsa.edu). Currently, a State Agency Sponsorship gains a Vendor 18 months to work on full certification.