18 NCAC 07B .0422          APPLICATION FOR TECHNOLOGY PROVIDER AUTHORIZATION – GENERAL

Technology provider application forms shall require:

(1)           the type or types of authorization to which the application applies:

(a)           IPEN;

(b)           platform;

(c)           credential analysis;

(d)           identity proofing; or

(e)           custodian;

(2)           contact information:

(a)           the information specified in Rule .0402(2) of this Section for the applicant;

(b)           the information specified in Rule .0402(3) of this Section for the registered agent of a business entity that is an applicant;

(c)           the information specified in Rule .0402(1) of this Section for:

(i)            the applicant's key individuals; and

(ii)           the applicant's compliance contact employee designated pursuant to Item (4)(b) of this Rule, except that the residential address shall not be required; and

(3)           the following general information about the technology provider applicant and its business:

(a)           the type of business entity;

(b)           all states and nations in which the technology provider applicant has obtained a certificate of authority to do business, or its equivalent;

(c)           all assumed business names, trade names, or "doing business as" names used by the applicant in North Carolina, other states, or nations;

(d)           all fictitious or equivalent names registered with the Department or other states or nations because the business' legal name is not available. Note: An example would be a fictitious name registered with the Department pursuant to G.S. 55D-22(a)(6);

(e)           for legal actions, the information required by 18 NCAC 07J .0416;

(f)            for debarment involving the applicant or the applicant's key individuals, the information specified in 18 NCAC 07J .0414;

(g)           for disciplinary actions, the information specified in 18 NCAC 07J .0418;

(h)           for voluntary exclusion in lieu of debarment involving the applicant or the applicant's key individuals, the information specified in 18 NCAC 07J .0415;

(i)            for bankruptcy, the information required by 18 NCAC 07J .0420;

(j)            a summary of its most recent IT security audit as required by 18 NCAC 07J .0621;

(4)           the following information related to the authorization that the applicant seeks:

(a)           the name of the product and the version number for which authorization is sought;

(b)           the full name of the compliance contact who meets the requirements of, and has the duties set forth in, 18 NCAC 07J .0406;

(c)           minimum hardware and software specifications as required by 18 NCAC 07J .0608;

(5)           the following information regarding the applicant's provision of the same or similar notarial services in jurisdictions other than North Carolina:

(a)           the name of each state, tribe or nation; and

(b)           for each named jurisdiction, the information required by 18 NCAC 07J .0405;

(6)           a URL link to the information that the applicant is required to provide pursuant to 18 NCAC 07J .0607;

(7)           information regarding whether the applicant's services as a technology provider have within the preceding five years been the subject of:

(a)           a security breach; or

(b)           a ransomware attack, as defined at G.S. 143B-1320(a)(14a);

(8)           identification and information for third-party vendors, supporting vendors, and businesses pursuant to 18 NCAC 07J .0408-.0411;

(9)           the applicant's certifications, compliance reports, or equivalents by independent third-party entities with:

(a)           the information required by 18 NCAC 07J .0413; and

(b)           if the certifications, compliance reports, or equivalents have levels, grades, or annotations, those applicable to the applicant;

Note: Examples of acceptable certifications are ISO 270001 and SOC2;

(10)         the applicant's certification that it complies with the requirements to have and implement the plans required by 18 NCAC 07J Section .0600; and

(11)         signature by a key individual employed by the technology provider applicant who has the authority to:

(a)           bind the applicant;

(b)           make certifications required by this Rule and the rules in 18 NCAC Subchapter 07J; and

(c)           declare under penalty of perjury that:

(i)            the information provided is true and complete to the best of the signer's knowledge and belief;

(ii)           the application was prepared under the signer's authority and supervision;

(iii)          the applicant agrees that representations, promises, and assurances of performance in the application are binding on it; and

(d)           the date on which the application was signed.

 

History Note:        Authority G.S. 10B-4; 10B-126(d); 10B-134.19; 10B-134.21; 10B-134.23(b);

Eff. July 1, 2025.