SB 272 Enterprise Systems Catalog

Existing law, the California Public Records Act, requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies. The act declares that access to information concerning the conduct of the people's business is a fundamental and necessary right of every person in this state.

Senate Bill No. 272 approved on October 11, 2015 adds a section to the California Public Records Act requiring local agencies to create a catalog of enterprise systems by July 1, 2016 with annual updates.

More information on Senate Bill No. 272




SB 272 Requires that the County disclose a list of the enterprise systems utilized by the agency and, for each system, shall also disclose all of the following:​

  • Current system vendor
  • Current system product.
  • A brief statement of the system's purpose.
  • A general description of categories or types of data
  • The department that serves as the system's primary custodian.
  • How frequently system data is collected
  • How frequently system data is updated


"Enterprise system" means a software application or computer system that collects, stores, exchanges, and analyzes information that the agency uses that is both of the following:​

  • (A) A multi-departmental system or a system that contains information collected about the public.​
  • (B) A system of record.​

"System of record" means a system that serves as an original source of data within an agency.​


An enterprise system shall not include any of the following:​

  • Information technology security systems, including firewalls and other cybersecurity systems.​
  • Physical access control systems, employee identification management systems, video monitoring, and other physical control systems.​
  • Infrastructure and mechanical control systems, including those that control or manage street lights, electrical, natural gas, or water or sewer functions.​
  • Systems related to 911 dispatch and operation or emergency services.​
  • Systems that would be restricted from disclosure pursuant to Section 6254.19.​ 
  • The specific records that the information technology system collects, stores, exchanges, or analyzes.