(a) Facilities.
(1) Arkansas Crime Information Center (ACIC) access devices shall be placed in areas with adequate physical security that will:
- (A) Prevent access by the public or other nonofficial personnel;
- (B) Prevent access by unauthorized agency personnel; and
- (C) Allow access to a minimum number of authorized agency personnel.
- (2) Internal procedures shall be implemented that will protect not only access devices, but also technical documents and any records associated with entries in the state and national systems.
- (3) Identification shall be required before admitting equipment maintenance personnel or other officials from outside the agency.
(b) Security checks.
- (1) ACIC will conduct periodic on-site security inspections in all interface agencies to ensure compliance with the ACIC System Service Agreement, as well as ACIC, National Crime Information Center (NCIC), and National Law Enforcement Telecommunications System (NLETS) security policies.
- (2) Agencies will permit the inspector, after proper identification, to conduct appropriate review of all hardware, software, communications interfaces, and operating procedures relating to the ACIC, NCIC, and NLETS systems.
- (3) Results of inspections will be reported to departmental officials.
- (4) Security violations that remain uncorrected will be reported to the Supervisory Board for the Arkansas Crime Information Center.
- (c) Technical security. Interface agencies will be required to implement and/or comply with special technical security standards designed to prevent unauthorized access to information.
- (d) Disposal of documents. When printouts, listings, or other official records from the ACIC system are disposed of, it must be done by shredding, burning, or other appropriate methods that will prevent any subsequent access by unauthorized persons or for unauthorized purposes.