Amended IN Senate September 08, 2017 Amended IN Senate July 17, 2017 Amended IN Senate July 03, 2017 Amended IN Senate June 05, 2017 Amended IN Assembly April 17, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 22Introduced by Assembly Member BontaDecember 05, 2016 An act to amend Section 12168.7 of the Government Code, relating to state government.LEGISLATIVE COUNSEL'S DIGESTAB 22, as amended, Bonta. Secretary of State: storing and recording electronic media.Existing law requires the Secretary of State to approve and adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media, as specified, and requires those standards to include a requirement that a trusted system, as defined, be utilized.This bill would provide that a cloud computing storage service that provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system and would require a cloud computing storage service to comply with standards published by the International Organization for Standardization, or other applicable industry recognized standard relating to security techniques and information security management systems.This bill would specify that a trusted system, for these purposes, includes cloud computing, as defined, that meets specified requirements.Existing law provides that the Department of Technology is responsible for establishing and enforcing information technology plans, policies, and standards, and in furtherance thereof, publishes the Statewide Information Management Manual and is responsible for information technology provisions of the State Administrative Manual.This bill would provide that the standards in these manuals apply to a trusted system.Existing law requires the Secretary of State to adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.This bill would delete this reference to the Association for Information and Image Management.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO Bill TextThe people of the State of California do enact as follows:SECTION 1. Section 12168.7 of the Government Code is amended to read:12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
Amended IN Senate September 08, 2017 Amended IN Senate July 17, 2017 Amended IN Senate July 03, 2017 Amended IN Senate June 05, 2017 Amended IN Assembly April 17, 2017 CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION Assembly Bill No. 22Introduced by Assembly Member BontaDecember 05, 2016 An act to amend Section 12168.7 of the Government Code, relating to state government.LEGISLATIVE COUNSEL'S DIGESTAB 22, as amended, Bonta. Secretary of State: storing and recording electronic media.Existing law requires the Secretary of State to approve and adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media, as specified, and requires those standards to include a requirement that a trusted system, as defined, be utilized.This bill would provide that a cloud computing storage service that provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system and would require a cloud computing storage service to comply with standards published by the International Organization for Standardization, or other applicable industry recognized standard relating to security techniques and information security management systems.This bill would specify that a trusted system, for these purposes, includes cloud computing, as defined, that meets specified requirements.Existing law provides that the Department of Technology is responsible for establishing and enforcing information technology plans, policies, and standards, and in furtherance thereof, publishes the Statewide Information Management Manual and is responsible for information technology provisions of the State Administrative Manual.This bill would provide that the standards in these manuals apply to a trusted system.Existing law requires the Secretary of State to adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.This bill would delete this reference to the Association for Information and Image Management.Digest Key Vote: MAJORITY Appropriation: NO Fiscal Committee: NO Local Program: NO
Amended IN Senate September 08, 2017 Amended IN Senate July 17, 2017 Amended IN Senate July 03, 2017 Amended IN Senate June 05, 2017 Amended IN Assembly April 17, 2017
Amended IN Senate September 08, 2017
Amended IN Senate July 17, 2017
Amended IN Senate July 03, 2017
Amended IN Senate June 05, 2017
Amended IN Assembly April 17, 2017
CALIFORNIA LEGISLATURE 20172018 REGULAR SESSION
Assembly Bill No. 22
Introduced by Assembly Member BontaDecember 05, 2016
Introduced by Assembly Member Bonta
December 05, 2016
An act to amend Section 12168.7 of the Government Code, relating to state government.
LEGISLATIVE COUNSEL'S DIGEST
## LEGISLATIVE COUNSEL'S DIGEST
AB 22, as amended, Bonta. Secretary of State: storing and recording electronic media.
Existing law requires the Secretary of State to approve and adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media, as specified, and requires those standards to include a requirement that a trusted system, as defined, be utilized.This bill would provide that a cloud computing storage service that provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system and would require a cloud computing storage service to comply with standards published by the International Organization for Standardization, or other applicable industry recognized standard relating to security techniques and information security management systems.This bill would specify that a trusted system, for these purposes, includes cloud computing, as defined, that meets specified requirements.Existing law provides that the Department of Technology is responsible for establishing and enforcing information technology plans, policies, and standards, and in furtherance thereof, publishes the Statewide Information Management Manual and is responsible for information technology provisions of the State Administrative Manual.This bill would provide that the standards in these manuals apply to a trusted system.Existing law requires the Secretary of State to adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.This bill would delete this reference to the Association for Information and Image Management.
Existing law requires the Secretary of State to approve and adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media, as specified, and requires those standards to include a requirement that a trusted system, as defined, be utilized.
This bill would provide that a cloud computing storage service that provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system and would require a cloud computing storage service to comply with standards published by the International Organization for Standardization, or other applicable industry recognized standard relating to security techniques and information security management systems.
This bill would specify that a trusted system, for these purposes, includes cloud computing, as defined, that meets specified requirements.
Existing law provides that the Department of Technology is responsible for establishing and enforcing information technology plans, policies, and standards, and in furtherance thereof, publishes the Statewide Information Management Manual and is responsible for information technology provisions of the State Administrative Manual.
This bill would provide that the standards in these manuals apply to a trusted system.
Existing law requires the Secretary of State to adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management.
This bill would delete this reference to the Association for Information and Image Management.
## Digest Key
## Bill Text
The people of the State of California do enact as follows:SECTION 1. Section 12168.7 of the Government Code is amended to read:12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
The people of the State of California do enact as follows:
## The people of the State of California do enact as follows:
SECTION 1. Section 12168.7 of the Government Code is amended to read:12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
SECTION 1. Section 12168.7 of the Government Code is amended to read:
### SECTION 1.
12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities. (e)(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).
12168.7. (a) The California Legislature hereby recognizes the need to adopt uniform statewide standards for the purpose of storing and recording permanent and nonpermanent documents in electronic media.
(b) In order to ensure that uniform statewide standards remain current and relevant, the Secretary of State shall approve and adopt appropriate standards established by the American National Standards Institute or the Association for Information and Image Management. Institute.
(c) The standards specified in subdivision (b) shall include a requirement that a trusted system be utilized. For this purpose and for purposes of Sections 25105, 26205, 26205.1, 26205.5, 26907, 27001, 27322.2, 34090.5, and 60203, Section 102235 of the Health and Safety Code, and Section 10851 of the Welfare and Institutions Code, trusted system means a combination of technologies, policies, and procedures for which there is no plausible scenario in which a document retrieved from or reproduced by the system could differ substantially from the document that is originally stored.
(d) A cloud computing storage service that complies with International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry-recognized standard relating to security techniques and information security management, and provides administrative users with tools or controls to prevent stored records from being overwritten, deleted, or altered until the required retention period for the record has expired shall be considered a trusted system. A cloud computing storage service shall comply with the International Organization for Standardization ISO/IEC 27001:2013, or other applicable industry recognized standard relating to security techniques and information security management systems.
(e) A trusted system shall comply with applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual. This requirement applies to state agencies and does not apply to local government entities.
(e)
(f) For purposes of this section cloud computing is defined by the National Institute of Standards and Technology Special Publication 800-145 or a successor publication, and includes the service and deployment models referenced therein.
(f)In order to develop statewide standards as expeditiously as possible, and until the time that statewide standards are adopted pursuant to subdivision (b), state
(g) State officials shall ensure that microfilming, electronic data imaging, and photographic reproduction are done in compliance with the minimum standards or guidelines, or both, as recommended by the American National Standards Institute or the Association for Information and Image Management for recording of permanent records or nonpermanent records.
(h) Nothing in this section shall prohibit a local government entity from adopting applicable standards articulated in the State Administrative Manual and the Statewide Information Management Manual for purposes of utilizing a trusted system as defined in subdivision (c).