The server on which the DNA databank resides shall be located in a secure area to prevent unauthorized physical access in accordance with NDIS requirements. All forensic DNA laboratories which use or contribute data to the DNA databank shall choose CODIS compatible software and hardware designs which prevent unauthorized access to DNA records. Each participating laboratory must have a written information systems plan which specifies the architecture of the laboratory's computer hardware and the structure of security comprising the access control component of the computer software employed. The information systems plan must demonstrate that an electronic audit trail is maintained for activities related to the entering or editing of DNA records. In addition, the information systems plan shall conform with all applicable information security rules, regulations, and policies. The division, in consultation with forensic DNA laboratory directors, shall develop model documents to assist forensic DNA laboratories in complying with the requirements of this Part. A final information systems plan shall be submitted by the laboratory for review and approval by the division prior to the laboratory gaining access as a participant in the DNA databank. The division shall determine the acceptability of each laboratory information systems plan. The NYS standards must be designed and applied in such a way as to allow compliant participating forensic DNA laboratories to participate in the FBI's CODIS program.
N.Y. Comp. Codes R. & Regs. Tit. 9 § 6192.5