As noted in Executive Law section 995-b(9)(vi), "Operational programs shall be used to detect and store for the output of the division or its designee all unauthorized attempts to penetrate the DNA databank." The division shall certify to the DNA subcommittee and commission that the DNA databank hardware and software architecture has been appropriately designed, implemented and safeguarded to eliminate the realistic chance that such unauthorized attempts to penetrate the DNA databank could go undetected. This certification shall be made based on conformance of the DNA databank with all applicable information security rules, regulations, and policies. The division shall maintain this certification in a file with the written information system plans from participant laboratories (see section 6192.5 of this Part). A current certification must be on file at the division at all times.
N.Y. Comp. Codes R. & Regs. Tit. 9 § 6192.9