(a) Information integrity and security. The comprehensive Tribal IV-D agency must have safeguards on the integrity, accuracy, completeness, access to, and use of data in the Computerized Tribal IV-D System and Office Automation. Computerized Tribal IV-D Systems and Office Automation should be compliant with the Federal Information Security Management Act, and the Privacy Act. The required safeguards must include written policies and procedures concerning the following:
- (1) Periodic evaluations of the system for risk of security and privacy breaches;
(2) Procedures to allow Tribal IV-D personnel controlled access and use of IV-D data, including:
- (i) Specifying the data which may be used for particular IV-D program purposes, and the personnel permitted access to such data;
- (ii) Permitting access to and use of data for the purpose of exchanging information with State and Tribal agencies administering programs under titles IV-A, IV-E and XIX of the Act to the extent necessary to carry out the comprehensive Tribal IV-D agency's responsibilities with respect to such programs;
- (3) Maintenance and control of application software program data;
- (4) Mechanisms to back-up and otherwise protect hardware, software, documents, and other communications; and,
- (5) Mechanisms to report breaches or suspected breaches of personally identifiable information to the Department of Homeland Security, and to respond to those breaches.