13 CFR 102.33 - Security of systems of records.

§ 102.33 Security of systems of records.

(a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent unauthorized disclosure of records, and to prevent physical damage to or destruction of records. The stringency of these controls shall correspond to the sensitivity of the records that the controls protect. At a minimum, each office's administrative and physical controls shall ensure that:

(1) Records are protected from public view;

(2) The area in which records are kept is supervised during business hours to prevent unauthorized persons from having access to them;

(3) Records are inaccessible to unauthorized persons outside of business hours; and

(4) Records are not disclosed to unauthorized persons or under unauthorized circumstances in either oral or written form.

(b) Each Program/Support Office Head or designee shall establish procedures that restrict access to records to only those individuals within the SBA who must have access to those records in order to perform their duties and that prevent inadvertent disclosure of records.

(c) The OCIO shall provide SBA offices with guidance and assistance for privacy and security of electronic systems and compliance with pertinent laws and requirements.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.

United States Code
Presidential Documents

Executive Order ... 12600