Summary of Report 26-011

December 2025

The State Auditor’s Office completed an audit related to the Department of Information Resources’ (Department) configuration and vulnerability management processes. The objective of the audit was to determine whether the Department and its contracted vendors have processes and related controls in place to ensure that state data center systems and related assets are configured and secured according to applicable standards.

Due to the subject of the audit and to minimize security risks, auditors communicated the audit findings separately to the Department in a confidential report, which is exempt from the requirements of the Texas Public Information Act.