Cybersecurity Incident Management and Reporting

On this page:

Cybersecurity Incident Response and Preparedness Resources

Incident Response Guidance

State Agency and Higher Education Incident Reporting

Texas Volunteer Incident Response Team (VIRT)

Report an Incident

Call the Incident Response Hotline at (877) DIR-CISO.

SPECTRIM (for state agencies and higher education)

Archer Engage Local Incident Reporting Form

Cybersecurity Incident Response and Preparedness Resources  

Texas DIR may provide organizations with incident response support, guidance, and resources, before, during, and after a cybersecurity incident.  

Incident Response Guidance 

Incident Response Guides, Templates, and resources provide organizations with the ability to build a robust incident management and response program.  

PDF (630.29 KB)
Last Updated: 02-13-2024

DOCX (11.69 MB)
Last Updated: 01-13-2022

Procedures and plans for responding to and processing a privacy or information security incident.

PDF (154.65 KB)
Last Updated: 01-20-2021

PDF (198.73 KB)
Last Updated: 01-17-2024

PDF (1.03 MB)
Last Updated: 01-17-2024

State Agency and Higher Education Incident Reporting 

State agencies and institutions of higher education are required to timely report certain types of security incidents to DIR.  Report an urgent incident via the SPECTRIM portal.

Timely reporting is required (preferably within 24 hours) for incidents that may: 

  • Propagate to other state systems (emergency reporting) OR 

  • Result in criminal violations that shall be reported to law enforcement OR 

  • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information. 

For routine SPECTRIM assistance, email [email protected] or open a support request in the portal.

Certain businesses and state agencies that experience a data breach of system security that affects 250 or more Texans must contact the Office of the Texas Attorney General

Report suspected phishing emails to the DIR Network Security Operations Center (NSOC) by sending the message as an attachment to [email protected]. NSOC analysts will review the message for malicious files/URLs and take action to block confirmed malicious sites at the state's network perimeter.  

New Local Government Incident Reporting Requirement ​

As of September 1, 2023, local governments are required to report security incidents to DIR, within 48 hours of discovery.  Report an incident via the Archer Engage secure webform.

For detailed instructions, please click here.

School District and Charter School Incident Reporting

To report a cyber-attack or cybersecurity incident in accordance with Section 11.175 of the Education Code, submit a Local Government Incident Report. for detailed instructions, please click here

Cybersecurity Threat Reporting

TX-ISAO Threat Reporting

To report a cyber threat for possible research and dissemination, submit an ISAO Threat Report, https://dir.texas.gov/information-security/txisao.  Click “Submit threat report” and select “Other”. 

Texas Volunteer Incident Response Team (VIRT)

The Texas VIRT is comprised of volunteers with expertise addressing cybersecurity events that support Texas agencies, institutions of higher education, and local government organizations quickly respond to significant cybersecurity events.

Visit the Texas VIRT information page for additional details on services or how to apply to be a volunteer on the incident response team.

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.