Skip to Main Content


With the passage of Senate Bill 820 districts are now required to implement several security measures.

  • Designate a security coordinator

  • Adopt a cybersecurity policy

  • Report any breach of student personally identifiable data to TEA

CyberSecurity Policy:

A district is required to have a cybersecurity policy in order to:

  1. secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents.
  2. determine cybersecurity risk and implement mitigation planning.

The policy may not conflict with the information security standards for institutions of higher education adopted by the Department of Information Resources under Chapters 2054 and 2059, Government Code.

CyberSecurity Coordinator:

The superintendent of each school district must designate someone to be the cybersecurity coordinator for the district to serve as a liaison between the district and the agency in cybersecurity matters.

The cybersecurity coordinator is required to:

  • report any breach of the district’s information systems to the agency. 
  • provide notice to a parent or guardian of a breach that involves a student’s PIA.


Statewide Cybersecurity Awareness Training

House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text.  Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR has published a new certification form for the FY2022 training cycle for entities to verify compliance.


What is a Certified Cybersecurity Training Program? 

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires  requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.


CoSN Budgeting, TCO & VOI Tools

TASB Cybersecurity Resources 

These and other articles can be found on TASB's Technology page in the TASB Legal eSource Library, which is constantly updated and increased.

Cybersecurity Annual Timeline

Date Entity Description
Annually All government entities Train employees on certified training programs
March 15 - April 30 DIR DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs
May 15 DIR Updated list of certification requirements published
June 1 Training providers and government entities Submission of training programs begins
July 31 Training providers Submission of training program ends
August 31 DIR New list of certified training providers published
August 31 All government entities Report completion of training submitted to DIR via the web form


Read more.