California Government Code Section 12168.7

CA Govt Code § 12168.7 (2017)  

(a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent documents in electronic media.

(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute.

(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, “trusted system” means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.

(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with controls to prevent stored records from being overwritten, deleted, or altered shall be considered a trusted system.

(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities.

(f) For purposes of this section “cloud computing” is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.

(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute for recording of permanent records.

(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).

(Amended by Stats. 2017, Ch. 834, Sec. 1. (AB 22) Effective January 1, 2018.)

Last modified: October 25, 2018