(a) Each DCS Customer shall provide to the department the name, title, contact information, including emergency contact, of the designated employee(s) authorized to initiate, change, or modify services. At a minimum it shall include:
(1) Executive level technology officer such as a Chief Information Officer or Information Resources Manager; and
(2) Customer Representative.
(b) Each DCS Customer is responsible for ensuring that its use of DCS services is in compliance with applicable law, policy, and procedures.
(c) For software products not initially procured by or through the DCS program on behalf of DCS Customer, the DCS Customer shall coordinate with the DCS program to ensure complete documentation of entitlement is on file. The DCS Customer is responsible for providing proof of entitlement to the software and is accountable for software license compliance.
(d) Audit notification.
(1) DCS Customers shall promptly notify the department whenever the Customer becomes aware that an audit or compliance review is planned by external, internal, software vendor, or federal oversight auditors that will require audit assistance from the DCS program Service Providers. In any event, where audit assistance is required, the DCS Customer shall notify the department of planned audit or compliance review no less than five business days prior to anticipated start of audit or compliance review.
(2) In performing audits, DCS Customers shall endeavor to avoid unnecessary disruption of the DCS program operations and duplication of other audits. Therefore, DCS Customers shall leverage SOC or comparable audits provided for under the DCS contract, to the extent possible.
(3) The state auditor, the department's internal auditors, an institution of higher education's internal auditors, and if applicable, the Office of Inspector General of the institution of higher education, or federal auditors, may conduct audits or investigations of any entity receiving funds from the state directly under a contract or indirectly under a subcontract for Statewide Technology Center Services.
(4) A DCS Customer may request copies of audit reports submitted to the department as required by the DCS contract and governed by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) or successor group. The requesting DCS Customer should submit the request to the DCS Audit Coordinator at the department. Due to the confidential nature of information in the report, the requesting DCS Customer shall only distribute the report to its staff that have a legitimate business need for access to the report and may not distribute the report to external auditors or entities. External auditors that require access to a report in connection with an audit of a DCS Customer must contact the DCS Audit Coordinator and sign a non-disclosure agreement prior to receiving a copy of the report.
(e) Technology planning.
(1) Each DCS Customer will participate in an annual DCS technology planning process based on instructions provided in the technology planning process as documented in the Service Management Manual. This planning will relate to the services the DCS Customer receives or expects to receive through the program.
(2) All DCS Customers shall follow the technology standards for hardware and software configurations as specified in the annual technology plan and Service Management Manual. DCS Customers seeking exception to specified technology standards shall comply with the relevant Service Management Manual.
(f) Governance process.
(1) All DCS Customers will participate in the governance process designed to facilitate individual customer input into enterprise decisions that affect all customers. Each customer is assigned to a group of similar customers, called a "partner group", and that group will be given one membership position on each governance committee. Members of the partner group are expected to represent the interests of all partner group members in governance decisions.
(2) Enterprise-level decisions and resolution of escalated DCS Customer-specific issues shall be addressed through standing governance committees, organized by subject area and comprised of representatives from the department, DCS Customers, and service providers. Participation on committees is selected from each designated partner group.
(g) Confidential data.
(1) DCS Customer shall provide its specific confidentiality requirements as determined by the nature of the data stored in the DCS program. Generally, the specific confidentiality requirements shall be appended to the interagency contract. The Service Management Manual shall provide additional documentation on the specific procedures, including the process DCS Customers shall follow to identify confidential information.
(2) In general, a DCS Customer shall include in the interagency agreement:
(A) General notification as to the type of confidential data and the laws that guide in the handling of such data; and
(B) Subsequent changes to laws that apply to previously identified confidential data.
(h) Security.
(1) DCS Customers shall comply with the Security Incident Management and Response process available in the Service Management Manual.
(2) DCS Customers shall be in compliance with 1 Texas Administrative Code Chapter 202.
Source Note: The provisions of this §215.32 adopted to be effective March 17, 2015, 40 TexReg 1368; amended to be effective September 17, 2018, 43 TexReg 5948; amended to be effective August 1, 2021, 46 TexReg 4681