SB 272 COMPLIANCE - ENTERPRISE SYSTEMS

Catalog of Enterprise Resources
Senate Bill 272 (SB 272) requires local agencies to create catalogs of all enterprise systems that store information about the public and to post this catalog on their websites. This law applies to all California special districts, cities and counties, and compliance is required by July 1, 2016.

Catalog of Enterprise Resources (Click Here)

WHAT IS COVERED BY SB 272?
SB 272 defines an enterprise system as a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses and meets the following:

o Multi-departmental system or system that contains information collected about the public
o Is the official system of record that serves as an original source of data within an agency

WHAT IS EXCLUDED?
Enterprise systems do not include systems that would reveal vulnerabilities to or otherwise increase the potential for an attack on a public agency's IT system. These include:

o Physical access control systems, employee identification management systems, video monitoring and other physical control systems
o Infrastructure and mechanical control systems, including those that control or manage street lights, electrical, natural gas or water or sewer functions
o Systems related to 911 dispatch and operation or emergency services
o Systems that would be restricted from disclosure by Section 6254.19
o The specific records that the information technology system collects, stores, exchanges or analyzes

WHAT IS REQUIRED IN THE CATALOG?
For each enterprise system included in the catalog list, agencies must disclose:

o Current system vendor
o Current system product
o The purpose of the system
o What kind of data is stored in it
o The department that serves as the system's primary custodian
o How frequently system data is collected
o How frequently system data is updated

For the full text of the bill, see SB-272 The California Public Records Act: Local Agencies: Inventory