Risk Assessment Policy and Procedures | RA-1

Risk Assessment Policy

MCC recognizes that risk assessment policies and procedures are vital to reducing information security risks and meeting our legal requirements for protecting confidential information.

Purpose

The Risk Assessment Policy and associated controls describe the requirements for identifying, analyzing, and managing information security risks associated with MCC information and information resources.

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes the Cybersecurity Manager, Information Resource Owners and Custodians.

Compliance

Risk Assessment controls are implemented to ensure compliance with Title 1 Texas Administrative Code (TAC) §202.75, §202.74, and the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by TAC §202.76.

Implementation

The Cybersecurity Manager or their designee is responsible for: 

  • ensuring that this policy and supporting procedures are periodically reviewed and updated.

Last updated: 5/27/2026

Contact Hours or Questions?

Information on Tech Support