TX-RAMP Background

Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.

This requirement applies to cloud services including:

• Software as a Service (SaaS)
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)

TX-RAMP certification requirements were implemented in phases:

• Effective January 1, 2022: Cloud computing services subject to Level 2 TX-RAMP were required to obtain TX-RAMP certification.
• Effective January 1, 2024: This requirement was expanded to include cloud computing services subject to Level 1 TX-RAMP.

TX-RAMP Certification Overview

In alignment with this approach, The University of Texas at Arlington requires TX-RAMP certification for cloud computing services, when applicable, based on the nature of the service, the data classification involved, and contractual or regulatory obligations, ensuring compliance with state requirements while supporting institutional risk management objectives.

UTA Faculty and Staff procuring cloud computing services (Software as a Service, Infrastructure as a Service, or Platform as a Service) that meet these requirements should notify vendors of the applicable requirements early in the procurement process to help reduce delays in purchase approval and assessment review.

Cloud service providers seeking TX-RAMP certification or provisional status must submit a request through the Texas Department of Information Resources (DIR) TX-RAMP intake process. Vendors submitting a certification or provisional request must use the official TX-RAMP Request page, where submissions are managed through the Statewide Portal for Enterprise Cybersecurity Threat, Risk, and Incident Management (SPECTRIM). 

Additional Information

If you believe a vendor meets TX-RAMP requirements, please validate this by confirming the vendor is listed on the TX-RAMP Certified Cloud Products site. If there are any questions or uncertainty regarding a vendor’s status, contact the Information Security Office.

Reminder: Many online services have a “Click Through” agreement during purchase. This is a legal contract, and unless you are authorized by the University, you are violating policy and putting the University at risk by not following proper procedures for reviewing security, accessibility, and legal requirements.