Security & Compliance

Our compliance program consists of internal policies and procedures to ensure we comply with state and federal laws, and university policies and regulations.

Protected Data Service

Reduce the workload to satisfy common security control requirements. We support the most common security control requirements needed by researchers. TACC has developed an extensive compliance program to assist PIs and research groups faced with the prospect of conducting research using protected data.

> Learn More


TACC uses a highly-qualified third-party organization with certified specialists to audit TACC’s policies providing independent validation that TACC meets the relevant compliance requirements. The audit is administered regularly and assesses TACC’s compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Third-party assessments follow UT Austin policy.


TACC is committed to protecting and safeguarding the confidential and sensitive information entrusted to us. TACC ensures compliance with privacy laws, rules, and policies. TACC strives to create a culture of privacy awareness and for the highest level of commitment to protecting personally identifiable information.

The following are regulations commonly associated with privacy activity at TACC:

FERPA - Family Educational Rights And Privacy Act

The Family Educational Rights and Privacy Act of 1974, (20 U.S.C. § 1232g; 34 CFR Part 99), FERPA, also know as the Buckley Amendment, is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the US Department of Education.

> Learn More

HIPAA - Health Insurance Portability And Accountability

This policy applies to all personnel, regardless of affiliation, who create, access or store Protected Health Information (“PHI”) at TACC designated for purposes of complying with the final provisions of the security and privacy rules regulated by the Health Insurance Portability and Accountability Act (HIPAA).

> Learn More

EU GDPR - European Union General Data Protection Regulations

The Texas Advanced Computing Center (TACC) is working towards compliance with the European Union General Data Protection Regulations — the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

> Learn More


Export controls are federal laws that govern the transmission of controlled data, technologies, software, and hardware to a non-U.S. citizen. Exports can occur through a variety of means, including shipping, oral communications, written documentation (including emails), and visual inspections of any technology, software, or technical data to any non-U.S. citizen.

The U.S. Government uses an export control license to manage export-controlled technology transfers. TACC uses its Protected Data Service to track these licenses.

The U.S. Treasury’s Office of Foreign Asset Control (OFAC) enforces sanctions against Countries of Concern — countries with a presence on one or more U.S. or international sanctions or embargo lists. Activities that involve transactions with foreign nationals from an embargoed or sanctioned country may be subject to export controls. TACC follows UT policy to identify Countries of Concern.

EAR - Export Administration Regulations

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) administers the Export Administration Regulations (EAR), (15 CFR §§730-774), which regulates the export and export restrictions for goods and services. Goods and services include intellectual property, technology and software, and hardware and software containing specific encryption algorithms.

> Learn More

ITAR - International Traffic In Arms Regulation

The U.S. Department of State’s Directorate of Defense Trade Controls (DDTC) administers the International Traffic and Arms Regulations (ITAR), which govern the export of articles, services, and related technical data that are inherently military in nature.

> Learn More