Skip to content
LexBuild

45 CFR § 310.15 - What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation? 

---
identifier: "/us/cfr/t45/s310.15"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "45 CFR § 310.15 - What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation?"
title_number: 45
title_name: "Public Welfare"
section_number: "310.15"
section_name: "What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation?"
chapter_name: "OFFICE OF CHILD SUPPORT SERVICES, ADMINISTRATION OF FAMILIES AND SERVICES, DEPARTMENT OF HEALTH AND HUMAN SERVICES"
part_number: "310"
part_name: "COMPUTERIZED TRIBAL IV-D SYSTEMS AND OFFICE AUTOMATION"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "42 U.S.C. 655(f) and 1302."
regulatory_source: "75 FR 8520, Feb. 25, 2010, unless otherwise noted."
cfr_part: "310"
---

# 310.15 What are the safeguards and processes that comprehensive Tribal IV-D agencies must have in place to ensure the security and privacy of Computerized Tribal IV-D Systems and Office Automation?

(a) *Information integrity and security.* The comprehensive Tribal IV-D agency must have safeguards on the integrity, accuracy, completeness, access to, and use of data in the Computerized Tribal IV-D System and Office Automation. Computerized Tribal IV-D Systems and Office Automation should be compliant with the Federal Information Security Management Act, and the Privacy Act. The required safeguards must include written policies and procedures concerning the following:

(1) Periodic evaluations of the system for risk of security and privacy breaches;

(2) Procedures to allow Tribal IV-D personnel controlled access and use of IV-D data, including:

(i) Specifying the data which may be used for particular IV-D program purposes, and the personnel permitted access to such data;

(ii) Permitting access to and use of data for the purpose of exchanging information with State and Tribal agencies administering programs under titles IV-A, IV-E and XIX of the Act to the extent necessary to carry out the comprehensive Tribal IV-D agency's responsibilities with respect to such programs;

(3) Maintenance and control of application software program data;

(4) Mechanisms to back-up and otherwise protect hardware, software, documents, and other communications; and,

(5) Mechanisms to report breaches or suspected breaches of personally identifiable information to the Department of Homeland Security, and to respond to those breaches.

(b) *Monitoring of access.* The comprehensive Tribal IV-D agency must monitor routine access to and use of the Computerized Tribal IV-D System and Office Automation through methods such as audit trails and feedback mechanisms to guard against, and promptly identify, unauthorized access or use;

(c) *Training and information.* The comprehensive Tribal IV-D agency must have procedures to ensure that all personnel, including Tribal IV-D staff and contractors, who may have access to or be required to use confidential program data in the Computerized Tribal IV-D System and Office Automation are adequately trained in security procedures.

(d) *Penalties.* The comprehensive Tribal IV-D agency must have administrative penalties, including dismissal from employment, for unauthorized access to, disclosure or use of confidential information.