Section 999.219 - Local Inspection(a) Local inspections by a representative of the ERDS Program are required to meet the ongoing oversight requirements for an existing certified Single-County ERDS or Multi-County ERDS. A local inspection shall be performed of all Single-County ERDS and the Lead County of a Multi-County ERDS upon initial certification and thereafter biennially. A local inspection shall be performed of a Sub-County of a Multi-County ERDS upon initial certification and thereafter on a randomly scheduled basis.(b) An ERDS Program representative shall contact the County Recorder, or their representative, to schedule an on-site inspection of the ERDS and all associated hardware, software, workstations, and network devices comprising the ERDS, including those located at the offices of Authorized Submitters and/or their Agents, on a mutually agreed upon date.(c) The ERDS Program representative shall verify all of the following during the local inspection: (1) An auditable log is being maintained for two (2) years or a computer security audit has taken place within the last two (2) years.(2) Documentation has been maintained and distributed in cases where an incident has been reported.(3) Access request and inventory reports are maintained.(4) Computer Security Auditor reports that reference all of the following are being maintained for a period of two (2) years: a list of all Secure Access users; confirmation that ERDS operating procedures and/or features within the ERDS design have been incorporated in order to restrict the content to meet the requirements of this chapter; security of the system, including the vulnerability of an ERDS to fraud or penetration; results of testing of the system's protections against fraud or intrusion, including security testing and penetration studies; recommendations for additional precautions needed to ensure that the system is secure; transmission of reports and responses to recommendations to the Board of Supervisors, the County Recorder, the County District Attorney, and the ERDS Program.(5) For a Single-County ERDS, that a copy of the following is on file: the County's System Certificate of Operation; the County Resolution to establish the ERDS; any applicable county policies and procedures; a signed Statement of Understanding form #ERDS 0011; a list of all Secure Access users; a signed Acknowledgement of Responsibilities Form #ERDS 0012; a completed Change of ERDS Role form #ERDS 0008 for individuals that have changed an ERDS role; the Computer Security Auditor ERDS certificate of approval and contract; the letter of deposit to an approved escrow facility; and the Certified Vendor of ERDS Software certificate of approval and the contract, if any; and a copy of any certificate of insurance required pursuant to Section 999.165, subdivision (e).(6) For a Multi-County ERDS, that a copy of the following is on file: the contract or agreement with the other county(ies); a list of all Secure Access users; a signed Acknowledgement of Responsibilities form #ERDS 0012; a completed Change of ERDS Role form #ERDS 0008 for individuals that have changed an ERDS role; all Sub-County resolutions to participate in the ERDS; the Application for Sub-County System Certification form #ERDS 0001B; all Sub-County Recorder signed Statement of Understanding forms #ERDS 0011; and any certificate of insurance required pursuant to Section 999.165, subdivision (e).(d) The ERDS Program representative shall discuss the findings of the inspection with the County Recorder, or their representative.(e) A completed policy and security review report shall be signed and dated by both the County Recorder, or their representative, and the ERDS Program representative.(f) A completed ERDS program policy and security review report shall be provided to the County Recorder at the completion of the local inspection. The ERDS Program shall forward a copy of a Sub-County report to the Lead County.(g) The ERDS Program representative shall provide an inspection result letter within thirty (30) business days of the inspection date to the County Recorder or their representative.(h) When an inspection results in a finding that the County Recorder has complied with the requirements of this chapter, the ERDS Program representative shall submit a letter to the County Recorder confirming its compliance. The ERDS Program shall forward a copy of a compliance letter for a Sub-County to the Lead County.(i) When an inspection results in a finding that the County Recorder has not complied with the requirements of this chapter, the ERDS Program representative shall submit a letter to the County Recorder containing notification of the non-compliance. The letter shall list non-compliance issues requiring corrective action and a due date allowing thirty (30) days for correction and response by the County Recorder. The ERDS Program shall forward a copy of a non-compliance letter for a Sub-County to the Lead County. (1) Upon receipt of the County Recorder's response to the request for corrective action, the ERDS Program representative shall determine whether all non-compliance issues have been addressed, and shall forward a compliance letter to the County Recorder and/or Sub-County Recorder.(2) If the ERDS Program representative determines that all non-compliance issues have been addressed, the ERDS Program shall submit a letter to the County Recorder confirming its compliance.(3) If the ERDS Program representative determines that all non-compliance issues have not been addressed, the ERDS Program representative shall work with the County Recorder to resolve them.(4) If a response to the corrective action is not received by the due date, the ERDS Program representative shall initiate a follow-up telephone call to inquire on the status of the response. If it is determined that an extension is needed, the County Recorder shall be granted an additional 2 weeks to respond.(5) If no response is received by the due date specified in the non-compliance letter, or under a two (2)-week extension granted by the ERDS Program, the ERDS Program representative shall issue a letter of ERDS suspension to the County Recorder.Cal. Code Regs. Tit. 11, § 999.219
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment of subsections (a), (b), (c)(5)-(6) and (g) filed 8-11-2014; operative 10-1-2014 (Register 2014, No. 33).
3. Amendment of section and NOTE filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41).
4. Change without regulatory effect amending Application for Sub-County System Certification form #ERDS 0001B, Change of ERDS Role form #ERDS 0008, Statement of Understanding form #ERDS 0011 and Acknowledgement of Responsibilities form #ERDS 0012 (incorporated by reference) and amending subsections (c)(5) and (c)(6) filed 5-27-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 22). Filing deadline specified in section 100, title 1, California Code of Regulations extended 60 calendar days pursuant to Executive Order N-40-20 and an additional 60 calendar days pursuant to Executive Order N-71-20.
5. Change without regulatory effect amending subsections (b), (d)-(e) and (g) filed 12-6-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 50). Note: Authority cited: Section 27393, Government Code. Reference: Sections 27391, 27393, 27396(a) and 27396(b)(1), Government Code.
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment of subsections (a), (b), (c)(5)-(6) and (g) filed 8-11-2014; operative 10/1/2014 (Register 2014, No. 33).
3. Amendment of section and Note filed 10-7-2019; operative 1/1/2020 (Register 2019, No. 41).
4. Change without regulatory effect amending Application for Sub-County System Certification form #ERDS 0001B, Change of ERDS Role form #ERDS 0008, Statement of Understanding form #ERDS 0011 and Acknowledgement of Responsibilities form #ERDS 0012 (incorporated by reference) and amending subsections (c)(5) and (c)(6) filed 5-27-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 22). Filing deadline specified in section 100, title 1, California Code of Regulations extended 60 calendar days pursuant to Executive Order N-40-20 and an additional 60 calendar days pursuant to Executive Order N-71-20.
5. Change without regulatory effect amending subsections (b), (d)-(e) and (g) filed 12-6-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 50).