KEY QUESTION: Are county employees and elected and appointed officials required by law to complete cybersecurity training?
MAIN REFERENCE POINT: Information Resources Act, Government Code, Chapter 2054, New Section 2054.5191
TALKING POINTS:
- House Bill 3834 passed by the 86th Texas Legislature required certain local government employees and elected officials to complete a cybersecurity training program certified by the Texas Department of Information Resources (DIR). There were several changes to the cybersecurity training requirements made by House Bill 1118, which was passed during the 87th Legislature.
- Regarding local government, employees and elected and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of the employee’s or official’s required duties are required to take annual training. This also applies to part-time employees if they meet the 25 percent requirement.
- House Bill 1118 also amended Subchapter A, Chapter 772, Government Code, by adding Section 772.012, which requires cybersecurity training compliance for criminal justice division grants.
- The DIR, in consultation with the Texas Cybersecurity Council, was required to certify at least five cybersecurity training programs as required by this legislation. A link to the certified programs is available at https://bit.ly/2GZM7Oa.
- Local governments must use a DIR-certified training program. There is no longer an exception for entities with a dedicated information resources cybersecurity officer.
- According to the law, the governing body shall:
- verify and report on the completion of a cybersecurity training program by employees of the local government to the DIR; and
- require periodic audits to ensure compliance with this section.
- There is no deadline for annual training to be complete, but the compliance report must be filed by Aug. 31 on an annual basis.
For additional information, go to https://bit.ly/2GZM7Oa. – The Texas Department of Information Resources contributed to this article.