LEGISLATIVE BUDGET BOARD
Austin, Texas
 
FISCAL NOTE, 87TH LEGISLATIVE REGULAR SESSION
 
April 7, 2021

TO:
Honorable Jane Nelson, Chair, Senate Committee on Finance
 
FROM:
Jerry McGinty, Director, Legislative Budget Board
 
IN RE:
SB475 by Nelson (Relating to state agency and local government information security, including establishment of the state risk and authorization management program and the Texas volunteer incident response team; authorizing fees.), As Introduced

No significant fiscal implication to the State is anticipated.  

However, the bill would authorize DIR to establish regional network security centers to assist in providing cybersecurity support and network security to regional offices or locations for state agencies and other entities that elect to participate in and receive services.  If DIR establishes regional network security centers, there would be an indeterminate cost to the state.

The bill would amend Chapter 2054 of the Government Code to require the Department of Information Resources (DIR) to establish a state risk and authorization management program.  The bill would also require DIR to establish a framework for regional working groups to execute mutual aid agreements to assist with responding to a cybersecurity event in the state, and to establish the Texas volunteer incident response team. DIR would be authorized to establish a fee for participating entities receiving incident response team assistance. Based on the analysis of DIR, it is assumed that the costs associated with these provisions of the bill could be absorbed using existing resources. This analysis also assumes that any fees imposed by DIR would recover costs associated with implementing the incident response team.  

The bill would authorize DIR to establish regional network security centers to assist in providing cybersecurity support and network security to regional offices or locations for state agencies and other entities that elect to participate in and receive services.  It is assumed that if DIR establishes regional network security centers there would be an indeterminate cost to the state.

The bill would also require each state agency with more than 150 full-time employees to designate a full-time employee to serve as a data management officer.  Based on the analysis of several agencies and higher education institutions, it is assumed that the costs associated with the bill's provision relating to designating a full-time employee to serve as data management officer could be absorbed using existing resources.

Local Government Impact

No significant fiscal implication to units of local government is anticipated.


Source Agencies:
303 Facilities Commission, 307 Secretary of State, 313 Department of Information Resources, 529 Hlth & Human Svcs Comm, 537 State Health Services, 582 Commission on Environmental Quality, 701 Texas Education Agency, 710 Texas A&M Univ System Admin, 720 UT Sys Admin, 781 Higher Education Coordinating Board
LBB Staff:
JMc, KK, LCO, MBO, SD