Annual Cybersecurity Compliance Training

Texas House Bill 3834, effective June 14, 2019, requires all elected officials and most local government employees to complete an annual cybersecurity training program that has been certified by the Texas Department of Information Resources (DIR).

House Bill 1118, effective May 18, 2021, adds a penalty for non-compliance with the training requirement.

TAC offers counties a free cybersecurity course that is certified to fulfill HB 3834's requirements each year. Other entities may enroll in the course for just $9 per user. Affected entities are required to report their staff’s completion of a certified course to DIR by June 15 each year.

Who needs to complete a certified course?

The law applies to the following:

  • All local government elected officials
  • Local government and state agency employees who have access to a government computer system or database
  • State agency contractors who have access to a government computer system or database

What is the penalty for non-compliance?

HB 1118 requires counties that apply for grants outlined in Government Code Chapter 772 on or after Sept. 1, 2021, to submit with the grant application a written certification of the county’s compliance with the annual cybersecurity training.

Counties that apply for and receive a grant outlined in this chapter on or after Sept. 1, 2021, but have not complied with the cybersecurity training requirement will have to repay the grant amount back to the state. Additionally, the county will be ineligible for another grant until the second anniversary of the date the local government is determined ineligible.

2020-2021 Course Enrollment

Enrollment is open for the 2020-2021 training cycle.  Here’s how to enroll your organization.

Counties

  1. Have your commissioners court approve enrolling your county’s employees.
  2. Complete the enrollment form and submit it by emailDocusign or fax at (512) 477-1324.
  3. Fill in the user import template with your employees’ information and submit it by email so that all required employees can be enrolled in the training course.

Counties who wish to complete TAC’s certified course to satisfy the 2021 requirement will need to register for the 2020-2021 training cycle, even if they were enrolled in a previous course.

Non-County Entities

  1. Complete the enrollment form and submit it by email or fax at (512) 477-1324.
  2. Fill in the user import template with your employees’'information and submit it by email so that all required employees can be enrolled in the training course.

TAC offers its certified cybersecurity training course to non-county entities for $9 per user. In addition to the training, entities have access to an administrator dashboard to monitor progress in real-time, run completion reports and print participant certificates.

Reporting Compliance with HB 3834

TAC provides its offering of a certified cybersecurity course as a means for counties and organizations to comply with HB 3834However, TAC does not monitor, enforce, or report course completion.

Your organization will need to report compliance with the training requirement to the Department of Information Resources (DIR) by June 15 each year, asserting that all of its employees have completed a cybersecurity training course that has been certified by DIR to fulfill the requirements of HB 3834.

Other Cybersecurity Training Offered by TAC

TAC has offered cybersecurity training courses since 2019. Training that was assigned prior to January 2020 was not certified to fulfill HB 3834's requirements. For employees to achieve compliance for the 2021 requirement through a TAC-provided course, they should be enrolled in and complete a course with “(2021 Certified)” at the end of the course title.

Course List

Courses that satisfy the 2021 requirement:
TAC Cybersecurity Awareness Training (2021 Certified)
TAC Cybersecurity Awareness Training for Other Entities (2021 Certified)

Courses that do not satisfy the 2021 requirement:
TAC Cybersecurity Awareness Training (Certified State-Mandated Course)
TAC Cybersecurity Awareness Training for Other Entities (Certified State-Mandated Course)
TAC Cybersecurity Awareness Training #1: Security at a Glance (Not Certified)
TAC Cybersecurity Awareness Training #2: Preventing Phishing (Not Certified)
TAC Cybersecurity Awareness Training #3: Safe Remote & Mobile Computing (Not Certified)
TAC Cybersecurity Awareness Training #4: Privacy Principles (Not Certified)
TAC Cybersecurity Awareness Training: Responsible Use of Social Media (Not Certified)
TAC Cybersecurity Awareness Training: Safe Computing (Not Certified)

Questions? Contact TAC's Cybersecurity Support Team at (800) 456-5974.