Section 280-RICR-30-10-3.5 - Management of DatabaseA. Duties of Designated Agent 1. The designated agent shall update the database. The database shall be updated on the frequency set forth in R.I. Gen. Laws § 31-47.4-2 by the designated agent with records provided by the insurers of each motor vehicle insurance policy in effect for vehicles registered in the state of Rhode Island. At least twice per month the database shall be updated by records from the Division of Motor Vehicles on all active motor vehicle registrations.B. Conduct Data Comparisons 1. Using the information contained within the database the designated agent shall conduct data comparisons of all current motor vehicles registrations as provided by the Division of Motor Vehicles against the insurance information as provided by the insurers. Data comparisons shall consist of: a. All active registration data transferred to the database by the Division of Motor Vehicles (see § 3.4(A)(1) of this Part) shall be compared against all insurance policy information in the database as transferred by the insurer (see §§ 3.3(B)(1) and (2) of this Part).b. Comparisons will match vehicle/owner information for all active registrations against all active insurance policies for individual vehicles in the state. Vehicles that are actively registered and do not have a corresponding insurance policy will be listed on a report.c. Should a vehicle be listed as actively registered and not have a corresponding insurance policy for the time period set forth in R.I. Gen. Laws § 31-47.4-4 the designated agent shall begin the notification procedures (see § 3.7 of this Part).C. Provide Data to Division of Motor Vehicles 1. On a daily basis the designated agent shall provide the Division of Motor Vehicles with a list of vehicles and owners who have had active registrations for the time period set forth in R.I. Gen. Laws § 31-47.4-4 and who have failed to respond to the first and second Notices of Request for Insurance Verification.D. Database Security 1. The designated agent shall implement security protocols so as to safeguard against unauthorized access to the database and to ensure the integrity of the information contained within the database, which shall include: a. Hosting Facility Security Protocol (1) Database shall be contained within a secure hosting facility hosted and maintained to a DoD classification Sensitive Compartmented Information Facility (SCIF) level. Physical control to the hosting facility shall be strictly controlled and very limited. Two-factor authentication (biometric and proximity card) shall be required for employees. Facility security shall include video/audio surveillance and 24-hour Security Force.2. Firewall Security Protocol a. Two firewalls shall be put in place, an external firewall for the whole system and an internal firewall to provide security for the database servers. Firewalls shall provide fine-grained access control with the ability to identify, mitigate, and fully report on the most sophisticated security threats. Firewalls shall be configured so that everything is denied or disabled by default and only those ports and protocols that are required for the database functionality are enabled.3. Virus Protection Security Protocol a. Shall include daily updates with the most current virus software as well as automated virus scanning of all files on the servers.4. Intrusion Detection System Protocol a. Shall include ongoing review of network intrusion events.5. System Monitoring/Review Protocol a. Shall include ongoing review of system security events as well as ongoing Monitoring of system performance and application performance.280 R.I. Code R. § 280-RICR-30-10-3.5
Adopted effective 12/31/2018