South African Airways Act, 2007
R 385
South African Police Service Act, 1995 (Act No. 68 of 1995)RegulationsForensic DNA Regulations, 201528. Information technology infrastructure and systems |
| (1) | The Divisional Commissioner: Technology Management Services must, after consultation with the authorised officer, implement and maintain information technology systems to— |
| (a) | support an efficient DNA examination service; |
| (b) | ensure that effective system solutions are maintained for the capturing of fingerprint numbers and buccal samples, together with the suspect information on CAS/ICDMS system and CRIM system; |
| (c) | perform the comparative search, verification of potential forensic investigative leads, linking forensic DNA investigative leads to other forensic investigative leads, reporting of forensic DNA investigative leads and administration of the NFDD; |
| (d) | provide for adequate system solutions to support the combining and management reporting of different forensic investigative leads (such as forensic DNA, ballistics and fingerprints) to the investigating officers on the CAS/ICDMS and BI systems; and |
| (e) | provide adequate system solutions to provide members of the detective service functionality to manage unsolved serial and multiple offender cases and compile a profile of persons and suspects identified through forensic investigative leads. |
| (2) | The information technology systems for DNA examinations and system solution of the NFDD must have adequate security measures to prevent unauthorised access and maintain data integrity, including annual risk assessments and adequate disaster recovery measures. The Divisional Commissioner: Technology Management Services must annually report to the Board on measures taken to ensure the integrity of the data on the casework systems and NFDD system. |
| (3) | The Divisional Commissioner: Technology Management Services and the Managing Director of the State Information Technology Agency must ensure that risk assessments on the data integrity, access and security including disaster recovery is performed within 60 days after the coming into operation of the Act, on the system solution for the NFDD, CRIM, CAS/ICDMS, DE-STRIab, AFIS, IBIS, FSL Admin, PCEM and other forensic systems. |
| (4) | A risk assessment must be conducted on an annual basis to ensure the data integrity and the effectiveness of the security measures. |
| (5) | The risk assessment report must take into consideration current industry standards, identify shortcomings and recommend measures to address the shortcomings and best practices. The risk assessment report and the implementation plan to address and resolve the identified shortcomings must be submitted to the Minister of Police within 30 days after the risk assessment has been performed. |
| (6) | The Divisional Commissioner: Technology Management Services and the Managing Director of the State Information Technology Agency must report on a quarterly basis to the Minister of Police on the progress with mitigating the risks identified. |
