Case Study: State of Texas: Department of Information Resources achieves centralized, streamlined GRC and statewide risk visibility with RSA Security (RSA Archer)

Texas Department of Information Resources Centralizes And Optimizes Grc Activities With Rsa Archer

The Texas Department of Information Resources (DIR), which provides technology leadership and services to more than 140 state agencies and higher-education institutions, faced outdated, fragmented GRC processes that made incident response, risk assessments, and security-planning reporting inefficient and inconsistent. Their legacy incident system forced monthly data entry with no timely insights, the risk-assessment tool was being discontinued, and a new statewide cybersecurity framework required a standardized way to assess and improve maturity across 40 key control areas.

DIR implemented RSA Archer (enterprise, policy, risk, compliance and incident modules) to centralize and standardize incident reporting and risk assessments, automate monthly reporting, and link the Texas control areas to NIST mappings. In about a year the department gained statewide visibility into key risks, improved maturity measurement, reduced duplicated effort, and made the same GRC tools available to agencies of any size—driving strong adoption and enabling additional use cases.

State of Texas: Department of Information Resources

Nancy Rainosek

Governance, Risk And Compliance Program Manager