Cal. Code Regs. Tit. 11, § 999.190 - Computer Security Auditor Application Procedure

Current through Register 2022 Notice Reg. No. 14, April 8, 2022

(a) An individual must be approved by the ERDS Program prior to contracting with a County Recorder to serve as a Computer Security Auditor.
(b) An individual applying for approval as a Computer Security Auditor shall submit to the ERDS Program all of the following:
(1) An Application for Computer Security Auditor Approval form #ERDS 0002 (Rev. 08/2020), incorporated by reference herein, which shall be dated and signed with a declaration under penalty of perjury under the laws of the State of California that all information contained therein, and all information submitted with the application, is true, correct, and complete; an acknowledgment that providing any false or dishonest information in connection with the application may be grounds for denial or subsequent termination or suspension of approval; and an attestation that the applicant is not an Authorized Submitter, Agent of an Authorized Submitter, or Certified Vendor of ERDS Software as defined in this chapter. The applicant must also indicate on the Application for Computer Security Auditor Approval form #ERDS 0002 one or more of the following geographical locations they are seeking approval for as a Computer Security Auditor:
(A) Northern California, which consists of the counties of Amador, Alpine, Butte, Colusa, Del Norte, El Dorado, Glenn, Humboldt, Lake, Lassen, Marin, Mendocino, Modoc, Napa, Nevada, Placer, Plumas, Sacramento, Shasta, Sierra, Siskiyou, Solano, Sonoma, Sutter, Tehama, Trinity, Yolo, and Yuba.
(B) Central California, which consists of the counties of Alameda, Calaveras, Contra Costa, Fresno, Inyo, Kern, Kings, Madera, Mariposa, Merced, Mono, Monterey, San Benito, San Francisco, San Joaquin, San Luis Obispo, San Mateo, Santa Clara, Santa Cruz, Stanislaus, Tulare, and Tuolumne.
(C) Southern California, which consists of the counties of Imperial, Los Angeles, Orange, Riverside, San Bernardino, Santa Barbara, San Diego, and Ventura.
(2) At least one of the following to demonstrate has met the significant experience criteria required for approval as a Computer Security Auditor:
(A) A copy of the applicant's Certified Internal Auditor certification in good standing from the Institute of Internal Auditors attached to the Application for Computer Security Auditor Approval form #ERDS 0002, and a completed Reference(s) for ERDS Computer Security Auditor form #ERDS 0004 (May 2011) listing reference contacts for whom the applicant has worked within the last five (5)-year period who can verify the applicant has at least two (2) years of experience in the evaluation and analysis of Internet security design and in conducting security testing procedures, and specific experience performing Internet penetration studies.
(B) A copy of the applicant's Certified Information Systems Auditor certification in good standing from the Information Systems Audit and Control Association attached to the Application for Computer Security Auditor Approval form #ERDS 0002, and a completed Reference(s) for ERDS Computer Security Auditor form #ERDS 0004 (May 2011) listing reference contacts for whom the applicant has worked within the last five (5)-year period who can verify the applicant has at least two (2) years of experience in the evaluation and analysis of Internet security design and in conducting security testing procedures, and specific experience performing Internet penetration studies.
(C) A copy of the applicant's Certified Fraud Examiner certification in good standing from the Association of Certified Fraud Examiners attached to the Application for Computer Security Auditor Approval form #ERDS 0002 and a completed Reference(s) for ERDS Computer Security Auditor form #ERDS 0004 (May 2011) listing reference contacts for whom the applicant has worked within the last five (5)-year period who can verify the applicant has at least two (2) years of experience in the evaluation and analysis of Internet security design and in conducting security testing procedures, and specific experience performing Internet penetration studies.
(D) A copy of the applicant's Certified Information Systems Security Professional certification in good standing from the International Information Systems Security Certification Consortium attached to the Application for Computer Security Auditor Approval form #ERDS 0002 and a completed Reference(s) for ERDS Computer Security Auditor form #ERDS 0004 (May 2011) listing reference contacts for whom the applicant has worked within the last five (5)-year period who can verify the applicant has at least two (2) years of experience in the evaluation and analysis of Internet security design and in conducting security testing procedures, and specific experience performing Internet penetration studies.
(E) A copy of the applicant's Global Information Assurance Certification in good standing from the SysAdmin, Audit, Network, Security Institute attached to the Application for Computer Security Auditor Approval form #ERDS 0002 and a completed Reference(s) for ERDS Computer Security Auditor form #ERDS 0004 (May 2011) listing reference contacts for whom the applicant has worked within the last five (5)-year period who can verify the applicant has at least two (2) years of experience in the evaluation and analysis of Internet security design and in conducting security testing procedures, and specific experience performing Internet penetration studies.
(3) Proof of fingerprint submission.

Notes

Cal. Code Regs. Tit. 11, § 999.190

Note: Authority cited: Section 27393, Government Code. Reference: Sections 27393(b)(2), 27393(b)(3), 27393(b)(9), 27394, 27395(a) and 27395(b), Government Code.

1. New article 7 (sections 999.190-999.197) and section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 8-11-2014; operative 10-1-2014 (Register 2014, No. 33).
3. Amendment filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41).
4. Change without regulatory effect amending Application for Computer Security Auditor Approval form #ERDS 0002 (incorporated by reference) and amending subsections (b)(1) and (b)(2)(A)-(E) filed 5-27-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 22). Filing deadline specified in section 100, title 1, California Code of Regulations extended 60 calendar days pursuant to Executive Order N-40-20 and an additional 60 calendar days pursuant to Executive Order N-71-20.
5. Change without regulatory effect amending subsection (b)(1) filed 12-6-2021 pursuant to section 100, title 1, California Code of Regulations (Register 2021, No. 50).

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.