What is TX-RAMP?

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.”  To comply, DIR established a framework for collecting information about cloud services security posture and assessing responses for compliance with required controls and documentation. Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP (Texas Risk and Authorization Management Program) requirements beginning January 1, 2022.

Frequently Asked Questions

What is a Cloud Computing Service? How do I know if I'm using one?  
Are there exceptions to TX-RAMP?  
What steps has UTSA taken to ensure compliance?  
I need more time to work with my vendor! What should I do?