Current through Register Vol. 48, No. 11, November 22, 2024
All agencies must provide security for any information that is subject to these regulations. These security principles and standards apply to both manual and automated information systems. The standards for both types of systems include access restraints, personnel security and control, disaster protection, training, and other technical security controls SLED CJIS deems necessary.
A. Access restraints to criminal history record information and the area in which it is located ensure that access to the following is restricted to authorized agencies and personnel: criminal history record information; system facilities; system operating environments; file contents, whether in use or stored in a media library; and system documentation.(1) Physical locations such as records rooms, computer facilities, computer terminal locations, and rooms where files are kept will have access restraints.(2) Areas containing criminal history records must be secured by physical barriers or attended by agency personnel who restrict access.(3) Criminal history record information, when in areas with no access restraints, must be kept in cabinets or desks which can be locked.(4) All personnel who are allowed to access criminal history record information must be subjected to a criminal history background investigation in accordance with SLED policy.(5) Each criminal justice agency must control access to its criminal history record information, and must screen employees and other individuals who may have access to criminal history record information stored within the agency.B. Criminal justice agencies must ensure that appropriate disciplinary action is taken whenever personnel violate security rules.(1) Personnel control measures apply to the following employees, if those employees have access to criminal history record information, or use an automated system which can access criminal history record information: agency's employees, other public employees who work in the computer center, and private employees.(2) Agencies must ensure that criminal justice agency employees and all personnel having access to criminal history record information are familiar with access and dissemination rules.C. Criminal justice agencies must develop means to protect both automated and manual systems from natural or man-made disasters. These measures must protect any repository of criminal history record information from unauthorized access, theft, sabotage, fire, flood, wind, or natural or man made disasters.D. Personnel whose duties require access to criminal history record information must be instructed in all access and security measures and procedures. SLED/CJIS must provide basic training in this area for all criminal justice agencies.Amended by State Register Volume 14, Issue No. 3, eff March 23, 1990; State Register Volume 25, Issue No. 9, eff September 28, 2001.