Title 502 | Chapter 030 | Regulation 050
PREVIOUS VERSION
The previous document that this document is based upon is available.
502 KAR 30:050.Security of centralized criminal history record information.
Section 1.
Procedures shall be implemented in the centralized criminal history record information system to insure that access to criminal history record information is restricted to authorized persons. The ability to access, modify, change, update, purge, or destroy information shall be limited to authorized criminal justice personnel, or other authorized persons who provide operational support, such as programming or maintenance. Technologically advanced software or hardware designs shall be implemented to prevent unauthorized access to criminal history record information.Section 2.
Procedures shall be implemented in the centralized criminal history information system to determine what persons have authority to enter in areas where criminal history information is stored and implement access control measures to insure entry is limited to specific areas where authorization is valid. Further, access control measures shall be implemented to insure unauthorized persons are totally denied access to areas where criminal history record information is stored. Access constraints shall include the system facilities, systems operating environments, data file contents, whether while in use or when stored in media library, and system documentation.Section 3.
Procedures shall be implemented in the centralized criminal history information system to insure that computer operations that support the criminal history record information data base, whether dedicated or shared, operate in accordance with procedures developed or approved by the Justice and Public Safety Cabinet, and further insure that:(1)
CHRI is stored by the computer in such a manner that it cannot be modified, destroyed, accessed, changed, purged, or overlaid in any fashion by unauthorized persons.(2)
Operational programs shall be used that will prohibit inquiry, record updates, or destruction of records, from any terminal other than designated terminals within the Criminal Identification and Records Branch.(3)
The destruction, partial deletion, total deletion, or record correction shall be limited to designated terminals under the direct control of Criminal Identification and Records Branch.(4)
Operational programs shall be used to detect and store for the output of designated criminal justice agency employees, all unauthorized attempts to penetrate any criminal history record information system, program or file.(5)
The programs specified in subsections (2) and (4) of this section shall be known only to criminal justice agency employees responsible for criminal history record information system control or individuals in agencies pursuant to a specific written agreement with the Justice and Public Safety Cabinet to provide the programs, and the operational programs shall be continuously kept under maximum security conditions.(6)
Procedures shall be instituted to assure that any individual or agency authorized direct access is responsible for:(a)
The physical security of criminal history record information under its control or in its custody; and(b)
The protections of information from unauthorized access, disclosure, or dissemination.Section 4.
Procedures shall be implemented in the centralized criminal history record information system to protect CHRI from unauthorized access, theft, sabotage, fire, flood, wind, or other natural or manmade disasters.Section 5.
Emergency Plans Required. Written plans and instructions dealing with emergencies described in Section 4 of this administrative regulation shall be developed in manual form and cover all foreseeable incidents ranging from minor accidents to major disasters causing the destruction of computer facilities, entire data bases, and CHRI contained in manual files. Employees of the centralized criminal history record information system shall be trained in procedures and specifically assigned responsibilities in case of an emergency. Plans and instructions shall include emergency shutdown and evacuation procedures, a disaster recovery plan to restart critical system functions, procedures for backup files for critical data such as fingerprint cards, and duplicate system designs. The commissioner of the Department of Kentucky State Police shall make available needed personnel to reinstitute the centralized criminal history record information system as soon as feasible after accident or disaster.HISTORY: (11 Ky.R. 1717; eff. 6-4-1985; 48 Ky.R. 1310, 2254; 49 Ky.R. 38; eff. 10-4-2022.)
FILED WITH LRC: June 14, 2022
CONTACT PERSON: Brenn Combs, Staff Attorney, 919 Versailles Road, Frankfort, Kentucky 40601, phone (502) 782-1800, fax (502) 573-1636, email brenn.combs@ky.gov.
502 KAR 30:050.Security of centralized criminal history record information.
Section 1.
Procedures shall be implemented in the centralized criminal history record information system to insure that access to criminal history record information is restricted to authorized persons. The ability to access, modify, change, update, purge, or destroySection 2.
Procedures shall be implemented in the centralized criminal history information system to determine what persons have authority to enter in areas where criminal history information is stored and implement access control measures to insure entry is limited to specific areas where authorization is valid. Further, access control measures shall be implemented to insure unauthorized persons are totally denied access to areas where criminal history record information is stored.Section 3.
Procedures shall be implemented in the centralized criminal history information system to insure that computer operations that(1)
CHRI is stored by the computer in such a manner that it cannot be modified, destroyed, accessed, changed, purged, or overlaid in any fashion by unauthorized persons.(2)
Operational programs shall be(3)
The destruction, partial deletion, total deletion, or record correction shall be(4)
Operational programs shall be(5)
The programs specified in subsections (2) and (4) of this section shall be(6)
Procedures shall be(a)
The physical security of criminal history record information under its control or in its custody; and(b)
The protections ofSection 4.
Procedures shall be implemented in the centralized criminal history record information system to protect CHRI from unauthorized access, theft, sabotage, fire, flood, wind, or other natural or manmade disasters.Section 5.
Emergency Plans Required. Written plans and instructions dealing with emergencies described in Section 4 of this administrative regulation shall be developed in manual form and cover all foreseeable incidents ranging from minor accidents to major disasters causing the destruction of computer facilities, entire data bases, andSection 6.
(1)
(2)
(3)
(4)
(5)
HISTORY: (11 Ky.R. 1717; eff. 6-4-1985; 48 Ky.R. 1310, 2254; 49 Ky.R. 38; eff. 10-4-2022.)
FILED WITH LRC: June 14, 2022
CONTACT PERSON: Brenn Combs, Staff Attorney, 919 Versailles Road, Frankfort, Kentucky 40601, phone (502) 782-1800, fax (502) 573-1636, email brenn.combs@ky.gov.