Sec. 2054.5191. CYBERSECURITY TRAINING REQUIRED: CERTAIN EMPLOYEES. (a) Each state agency shall identify state employees who use a computer to complete at least 25 percent of the employee's required duties. At least once each year, an employee identified by the state agency and each elected or appointed officer of the agency shall complete a cybersecurity training program certified under Section 2054.519.

(a-1) At least once each year, a local government shall identify local government employees who have access to a local government computer system or database and require those employees and elected officials of the local government to complete a cybersecurity training program certified under Section 2054.519 or offered under Section 2054.519(f).

(b) The governing body of a local government may select the most appropriate cybersecurity training program certified under Section 2054.519 or offered under Section 2054.519(f) for employees of the local government to complete. The governing body shall:

(1) verify and report on the completion of a cybersecurity training program by employees of the local government to the department; and

(2) require periodic audits to ensure compliance with this section.

(c) A state agency may select the most appropriate cybersecurity training program certified under Section 2054.519 for employees of the state agency. The executive head of each state agency shall verify completion of a cybersecurity training program by employees of the state agency in a manner specified by the department.

(d) The executive head of each state agency shall periodically require an internal review of the agency to ensure compliance with this section.

Added by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 3, eff. June 14, 2019.