SB 271 – Texas Government Cybersecurity Incident Reporting

As your dedicated IT partner, we are committed to keeping you informed about the latest developments in the ever-evolving landscape of cybersecurity.

Legislative change in Texas through Senate Bill 271 (SB 271), introduces crucial cybersecurity incident reporting requirements for government agencies within the state of Texas. This legislation emphasizes proactive measures to enhance the overall cybersecurity posture of Texas government entities and streamline incident reporting practices. This law went into effect 9/1/2023

Key Takeaways:

Mandatory Reporting: SB 271 mandates that all Texas government agencies must report cybersecurity incidents within 48 hours after discovery. This includes a wide range of security events, such as data breaches, cyberattacks, and other incidents that could compromise sensitive information or disrupt government operations.

Timely Reporting: The law underscores the importance of timely incident reporting, ensuring that agencies promptly notify the appropriate authorities when incidents occur. Incident reports will be submitted via the Archer Engage secure webform.

Coordinated Response: SB 271 encourages collaborative efforts between government agencies and the Department of Information Resources (DIR) to facilitate effective incident response and information sharing.

Enhanced Security Measures: Government agencies are urged to implement enhanced cybersecurity measures and incident response plans to meet the reporting requirements effectively.

Compliance Matters: Adherence to SB 271 is crucial for government offices, as non-compliance could result in legal repercussions. This emphasizes the need for robust cybersecurity practices and policies.

How to Report

Incident reports will be submitted via the Archer Engage secure webform.  To submit an incident:

  • Create an Engage account (first-time only).
  • Log into Engage (enter username and password; submit one-time verification code).
  • Note: If after logging in, you are not redirected to the incident form, please click the Engage link again.
  • Submit incident report and receive email confirmation, this email may be delayed by up to 30 minutes from when you submit your report (retain email confirmation with incident ID).
  • Submit incident closure and receive email confirmation.

Refer to the user guide for detailed instructions:

Local Government Incident Reporting User Guide

Section 11.175 of the Education Code requires school districts and charter schools to report any cyber-attack or other cybersecurity incident that constitutes a “Breach of system security” in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or copied, transmitted, viewed, or used by a person unauthorized to engage in that action.  Submitting the local government incident report satisfies this requirement.

Note: If you are unable to submit an incident using the reporting form, contact the DIR Incident Response Hotline, (877) DIR-CISO, for assistance.

BIS is committed to helping our clients maintain a resilient and secure IT environment. Want to use BIS for your IT Services? Call us at 800.247.9045 or Email us at

Read the DIR article regarding this law here.

Published On: September 10th, 2023 / Categories: Texas Legislation, Texas Legislature /

Let’s Supercharge Your Office Today

Fill out this form to get a call back from one of our team members. We are bananas for finding out how we can help!

Thank you for your message. It has been sent.
There was an error trying to send your message. Please try again later.