Section 999.147 - Proprietary Software(a) A Computer Security Auditor may not be required to conduct a source code review on any software identified as proprietary by the Certified Vendor of ERDS Software unless such software affects the security of the ERDS.(b) Prior to conducting a source code review, the County Recorder shall ensure all of the following: (1) The County Recorder has agreed to allow the Certified Vendor of ERDS Software to include proprietary source code as part of the ERDS.(2) The Certified Vendor of ERDS Software has identified proprietary source code as part of the ERDS.(3) The Computer Security Auditor advises the County Recorder that the security of the ERDS cannot be verified without a source code review.(4) The Computer Security Auditor shall agree to abide by the confidentiality requirements of the Certified Vendor of ERDS Software.(5) The Certified Vendor of ERDS Software shall agree that the Computer Security Auditor shall reveal any results of the source code review, conclusions as to the security of the ERDS, findings, and recommendations in the audit report.(6) The County Recorder, Computer Security Auditor, and Certified Vendor of ERDS Software shall all agree on methods for including the results, conclusions, and recommendations about proprietary source code reviews made by the Computer Security Auditor in the audit report.Cal. Code Regs. Tit. 11, § 999.147
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41). Note: Authority cited: Sections 27393, 27394(e) and 27394(f), Government Code. Reference: Sections 27393(b)(2), 27393(b)(11) and 27394(e), Government Code.
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 10-7-2019; operative 1/1/2020 (Register 2019, No. 41).