Section 999.145 - Physical Security(a) With the exception of a county data center or an outsourced county data center in which physical access is already managed by security controls, including fingerprinting, the site housing the ERDS server shall be protected from unauthorized physical access. The server shall be locked in a manner that prevents unauthorized physical access.(b) All ERDS shall be required to meet all of the physical security requirements as follows: (1) The County Recorder shall ensure precautions are employed to protect the ERDS server, software, and data from theft, damage, and/or unauthorized access or use. Precautions may be defined in the County Recorder ERDS operating procedures or may be established by mutual agreement between the County Recorder and the entity housing the ERDS server.(2) During audits, the Computer Security Auditor shall be allowed to inspect all access requests and inventory reports that occurred within the two (2)-year period prior to the start of an audit.(3) During local inspections, an ERDS Program representative shall be allowed to inspect all access requests and inventory reports that occurred within the two (2)-year period prior to the start of a local inspection.(c) An ERDS shall be required to meet all of the network security requirements as follows: (1) Persons who are granted Physical Access to an ERDS server require fingerprinting.(2) All requests for Physical Access to a single-purpose ERDS server are subject to approval by the County Recorder. Absent an agreement to the contrary, the County recorder cannot grant Physical Access to a multi-purpose server for non-ERDS purposes.(3) The County Recorder will account for all keys, whether physical or electronic, used for locking and unlocking Physical Access to an ERDS server, software, and/or data using a process determined by the County Recorder and contained in the ERDS Operating Procedures.Cal. Code Regs. Tit. 11, § 999.145
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment of subsection (b)(3) filed 8-11-2014; operative 10-1-2014 (Register 2014, No. 33).
3. Amendment filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41). Note: Authority cited: Section 27393, Government Code. Reference: Sections 27393(b)(2), 27393(c) and 27397.5, Government Code.
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment of subsection (b)(3) filed 8-11-2014; operative 10/1/2014 (Register 2014, No. 33).
3. Amendment filed 10-7-2019; operative 1/1/2020 (Register 2019, No. 41).