TX-RAMP Compliance

Overview

In the 87th Legislative Session, the Texas Legislature passed Senate Bill 475, requiring the Texas Department of Information Resources (DIR) to establish a state risk and authorization management program that provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.”

To comply, DIR established a framework [TX-RAMP] for collecting information about cloud service's security posture and assessing responses for compliance with required controls and documentation.

Texas Government Code 2054.0593 mandates that state agencies as defined by Texas Government Code 2054.003(13) must only enter or renew contracts to receive cloud computing services that comply with TX-RAMP requirements beginning January 1, 2022.

How We Comply

Cloud offerings subject to TX-RAMP Level 2 certification must obtain a TX-RAMP certification to contract with state agencies or institutions of higher education and public community colleges on or after January 1, 2022.

As of April 11, 2023, Platform.sh has obtained Level 2 certification and can be found in the listing of TX-RAMP Certified Cloud Products.

TX-RAMP workloads are strictly run on our US-4 region.

Resources

• Certification Letter
• Shared Responsibility Matrix for TX-RAMP Security Control Baselines 2021-11-29