Serving our community
since 1917
Montecito Fire Protection District
Fire Danger - Moderate

SB 272 Catalog of Enterprise Systems

What is SB 272?

SB 272 requires local agencies (excluding school districts) to create catalogs of all enterprise systems that store information about the public, and to post this catalog on their websites, if they have websites. If they do not have a website, they are required to publish the catalog in a way that can be provided to anyone who asks. This law applies to all California special districts, cities and counties, and compliance is required by July 1, 2016.

Governor Brown approved SB 272 in October 2015, adding section 6270.5 to the California Public Records Act (the “Act,” Government Code Sections 6250-6276.48). Because it was added to the Public Records Act, local agencies will not be able to seek reimbursement from the State for costs associated with compliance.

What is covered by SB 272?

Section 6270.5 defines an enterprise system as a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses that is:

  1. a multidepartmental system or system that contains information collected about the public and
  2. a system of record

A system of record means a system that serves as an original source of data within an agency. 

SB 272 requires local agencies to create a catalog of multidepartmental systems or systems containing information about the public that store original records and post the catalog on their agency website.

What is required in the catalog?

For each enterprise system included in the catalog list, agencies must disclose: 

  • Current system vendor
  • Current system product
  • The purpose of the system
  • What kind of data is stored in it
  • The department that serves as the system's primary custodian
  • How frequently system data is collected
  • How frequently system data is updated

For the full text of the bill, see https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB272

SB 272 Catalog of Enterprise Systems
 Vendor  Product  Purpose  Data Category  Custodian  Collection Frequency  Update Frequency
 Adobe  Adobe Pro 8 and  11  Fillable Forms  Document
 Management
 District Wide

 As
 Needed

 As Needed
 Microsoft   Exchange 2013  Email  Email System  IT  As
 Needed
 As
 Needed
 Ameravant  Ameravant  District Website  Website  Website Host
 and Administrative  Personnel
 As
 Needed

 As
 Needed

 CrewSense  CrewSense  Workforce  Management  Customer Information  System  District Wide  As
 Needed

 As
 Needed

 ESRI  ArcGIS  GIS Software  GIS  IT and Fire Prevention  Bureau  As
 Needed
 As
 Needed
 Autodesk  AutoCAD 2010  Mapping of District  Mapping  IT and Fire Prevention  Bureau  As
 Needed
 As
 Needed
 NeoGov  Applicant  Tracking  Online Application  System  Applicant Tracking  Battalion Chief  As
 Needed
 As
 Needed

What is excluded?

Enterprise systems do not include cybersecurity systems, infrastructure and mechanical control systems, or information that would reveal vulnerabilities to, or otherwise increase the potential for an attack on, a public agency's IT system.
Additionally, section 6270.5 does not automatically require disclosure of the specific records that the IT systems collect, store, exchange or analyze, however, the Act's other provisions pertaining to disclosure of such records still apply.
Darker Background.Lighter Background.