- (a) This section does not apply to a university system or institution of higher education as defined by Section 61.003, Education Code.
- (b) At least once every two years, the department shall require each state agency to complete an information security assessment and a penetration test to be performed by the department or, at the department's discretion, a vendor selected by the department.
- (c) The department shall establish rules as necessary to implement this section, including rules for the procurement of a vendor under Subsection (b).
Added by Acts 2025, 89th Leg., R.S., Ch. 1074 (H.B. 1500), Sec. 24, eff. September 1, 2025.