- (a) This section does not apply to a university system or institution of higher education as defined by Section 61.003, Education Code.
- (b) At least once every two years, the command shall require each state agency to complete an information security assessment and a penetration test to be performed by the command or, at the command's discretion, a vendor selected by the command.
- (c) The chief shall adopt rules as necessary to implement this section, including rules for the procurement of a vendor under Subsection (b).
Added by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150), Sec. 1, eff. September 1, 2025.