| Authority/Reference(s) | |
|---|---|
| Revision Date | April 8, 2022 |
Policy
To mitigate cybersecurity threats and risks in state government contracting, the 86th Legislature passed House Bill 3834 which requires contractors, and their subcontractors, officers, or employees who have access to state computer systems or databases complete cybersecurity training through Department of Information Resources (DIR). Contractors are required to adhere to cybersecurity training requirements for the term of their contract, including any renewal periods, and certify that required personnel and subcontractors have completed the training.
As identified by the Office of Information Security (OIS), contracts legal, contracting leadership, and COS; DIR certified cybersecurity training is required when the contractor’s personnel and subcontractors have access to these DFPS computer systems:
- PEIRS;
- IMPACT;
- TARE; and,
- CLASS.
To obtain a list of DIR certified trainings, visit the DIR Website.
DFPS Staff Augmentation contracted employees satisfy cybersecurity training requirements through training facilitated and administered by OIS.
Certification of Cybersecurity Training
Contractors must complete and submit Form 4530 DFPS Cybersecurity Training Certification to attest that identified personnel and subcontractors who have access to the DFPS systems receive required cybersecurity training within the certification period.
Contractors are required to maintain documentation that includes:
- individuals who are required to take the training
- documentation of the completed training
- name of the entity who performed the training
- title of the cybersecurity course
The 4530 DFPS Cybersecurity Training Certification is submitted to the contract manager on an annual basis, by the last business day in June. The certification must be signed by the contractor’s:
- contract signatory, or designee; or
- human resources director.