Cal. Code Regs. Tit. 11, § 999.165 - Establishing an ERDS

Current through Register 2022 Notice Reg. No. 14, April 8, 2022

(a) A County Recorder may establish an ERDS upon approval by the Board of Supervisors and system certification by the ERDS Program.

(b) A County Recorder establishing an ERDS shall include in the County's ERDS a secure method for accepting for delivery, and, when applicable, return of a digital or digitized record.

(c) A County Recorder establishing an ERDS shall be responsible for overall security of an ERDS.

(d) A County Recorder establishing an ERDS shall assign responsibility by contract or agreement to all Authorized Submitters and/or Agents who have Secure Access to that ERDS.

(e) Prior to entering into a contract with an Authorized Submitter described in Government Code Section 27391(c)(1), a County Recorder shall require the Authorized Submitter and any Agent submitting documents on behalf of the Authorized Submitter to provide proof of financial responsibility in the form of a certificate of insurance evidencing one million dollars ($1,000,000) of general liability coverage.

(f) A County Recorder shall be responsible for ensuring an ERDS meets the requirements of this chapter.

(g) A County Recorder shall enter into a contract with a Computer Security Auditor, who has a valid Computer Security Auditor Certificate issued by the ERDS Program, for the purpose of meeting the audit and oversight requirements as set forth in this chapter.

(h) A County Recorder shall be required to verify, prior to entering into a contract with a Certified Vendor of ERDS Software, if any, that the vendor has a valid Certified Vendor of ERDS Software Certificate issued by the ERDS Program.

(i) The County Recorder shall be responsible for administering an ERDS and establishing and following ERDS policies and procedures that include all of the following requirements:

(1) Define roles and responsibilities to ensure digital and digitized records are correctly and securely submitted, delivered, and, when applicable, returned to the intended recipients. Textual disclaimers or verbal disclaimers alone shall not be sufficient to control access to digital and digitized records under the control of an ERDS.

(2) Maintain a list of all individuals designated as having Secure Access to operate the ERDS. A copy of the list of all users with Secure Access shall be maintained for review during audits and local inspections.

(3) Ensure users with roles authorized to access and operate the ERDS understand and sign the Acknowledgement of Responsibilities form #ERDS 0012 (Rev. 08/2020), incorporated by reference herein, and that a copy is maintained for review during audits and local inspections.

(4) Establish ERDS operating procedures and/or incorporate features within the ERDS design in order to restrict the content to meet the requirements of this chapter.

Notes

Cal. Code Regs. Tit. 11, § 999.165

Note: Authority cited: Sections 27393, 27394(a) and 27394(c), Government Code. Reference: Sections 27391, 27392(a), 27393, 27394(a), 27394(c), 27394(f) and 27397.5, Government Code

1. New article 6 (sections 999.165-999.179) and section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment of subsections (h)(2) and (h)(3) filed 8-11-2014; operative 10-1-2014 (Register 2014, No. 33).
3. Amendment of section and Note filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41).
4. Change without regulatory effect amending Acknowledgement of Responsibilities form #ERDS 0012 (incorporated by reference) and amending subsection (i)(3) filed 5-27-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 22). Filing deadline specified in section 100, title 1, California Code of Regulations extended 60 calendar days pursuant to Executive Order N-40-20 and an additional 60 calendar days pursuant to Executive Order N-71-20.