Statutes, codes, and regulations
Iowa Administrative Code
Agency 441 - HUMAN SERVICES DEPARTMENTTitle XIII - SERVICE ADMINISTRATION
Chapter 142 - INTERSTATE COMPACT ON THE PLACEMENT OF CHILDREN
Rule 441-142.10 - NEICE database

Iowa Admin. Code r. 441-142.10

Download
PDF
Current through Regsiter Vol. 46, No. 26, June 12, 2024
Rule 441-142.10 - NEICE database
(1)Definitions. For the purpose of this chapter, unless the context otherwise requires:

"National Electronic Interstate Compact Enterprise system" or "NEICE system" means the national electronic web-based system for administration of the interstate compact on the placement of children made available to states by the American Public Human Services Association through its affiliate, the Association of Administrators of the Interstate Compact on the Placement of Children.

"Security requirements" means all policies or system security guidance established by the department and the office of the chief information officer related to the use of external computer systems for the storage of personally identifiable data elements of applicants for and recipients of department services. Security requirements as defined herein include but are not necessarily limited to completion by the vendor of the then current cybersecurity framework made available by the National Institute of Standards and Technology, department confirmation that the system has passed the cybersecurity framework analysis, completion by the vendor of an information security risk assessment acceptable to the department, performance by the vendor of a system penetration test acceptable to the department, and an application scan for vulnerabilities, as well as remediation of any vulnerabilities identified.

(2)Department obligation to provide data to the NEICE system.
a. At all times that the NEICE system meets security requirements, the department shall place in the system all data elements and information that the system is configured to accept concerning children subject to the interstate compact.
b. Prior to placing personally identifiable data elements in the NEICE system, the department shall confirm that the NEICE system complies with all security requirements. If at any time after placement of personally identifiable data in the NEICE system the department determines that the NEICE system fails to meet all security requirements or that personally identifiable data placed in the system by the department has been used or disclosed inappropriately, the department may cease using the NEICE system and may demand that all data provided by the department be removed from the system.

Iowa Admin. Code r. 441-142.10

Adopted by IAB November 30, 2022/Volume XLV, Number 11, effective 2/1/2023