18 ncac 07j .0413          disclosure of certifications and compliance reports

A technology provider applicant shall disclose on its application each independent third-party certification, SOC 2 Type 2 compliance report, or equivalent pertaining to the electronic notary solution for which authorization is sought, with:

(1)           the name of the issuer of the certification, compliance report, or equivalent;

(2)           the name or title of the certification, compliance report, or equivalent;

(3)           the date of its issuance; and

(4)           its expiration date, if applicable.

Note: FIPS validation, NSA approval, FedRAMP, ISO 27001, or HITRUST are examples of an independent third-party certification or equivalent.

 

History Note:        Authority G.S. 10B-4; 10B-106; 10B-125(b); 10B-126; 10B-134.15; 10B-134.17; 10B-134.19; 10B-134.21; 10B-134.23;

Eff. July 1, 2025.