Technology provider application forms shall require:
(1) the type or types of authorization to which the application applies:
- (a) IPEN;
- (b) platform;
- (c) credential analysis;
- (d) identity proofing; or
- (e) custodian;
(2) contact information:
- (a) the information specified in Rule .0402(2) of this Section for the applicant;
- (b) the information specified in Rule .0402(3) of this Section for the registered agent of a business entity that is an applicant;
(c) the information specified in Rule .0402(1) of this Section for:
- (i) the applicant's key individuals; and
- (ii) the applicant's compliance contact employee designated pursuant to Item (4)(b) of this Rule, except that the residential address shall not be required; and
(3) the following general information about the technology provider applicant and its business:
- (a) the type of business entity;
- (b) all states and nations in which the technology provider applicant has obtained a certificate of authority to do business, or its equivalent;
- (c) all assumed business names, trade names, or "doing business as" names used by the applicant in North Carolina, other states, or nations;
- (d) all fictitious or equivalent names registered with the Department or other states or nations because the business' legal name is not available. Note: An example would be a fictitious name registered with the Department pursuant to G.S. 55D-22(a)(6);
- (e) for legal actions, the information required by 18 NCAC 07J .0416;
- (f) for debarment involving the applicant or the applicant's key individuals, the information specified in 18 NCAC 07J .0414;
- (g) for disciplinary actions, the information specified in 18 NCAC 07J .0418;
- (h) for voluntary exclusion in lieu of debarment involving the applicant or the applicant's key individuals, the information specified in 18 NCAC 07J .0415;
- (i) for bankruptcy, the information required by 18 NCAC 07J .0420;
- (j) a summary of its most recent IT security audit as required by 18 NCAC 07J .0621;
(4) the following information related to the authorization that the applicant seeks:
- (a) the name of the product and the version number for which authorization is sought;
- (b) the full name of the compliance contact who meets the requirements of, and has the duties set forth in, 18 NCAC 07J .0406;
- (c) minimum hardware and software specifications as required by 18 NCAC 07J .0608;
(5) the following information regarding the applicant's provision of the same or similar notarial services in jurisdictions other than North Carolina:
- (a) the name of each state, tribe or nation; and
- (b) for each named jurisdiction, the information required by 18 NCAC 07J .0405;
- (6) a URL link to the information that the applicant is required to provide pursuant to 18 NCAC 07J .0607;
(7) information regarding whether the applicant's services as a technology provider have within the preceding five years been the subject of:
- (a) a security breach; or
- (b) a ransomware attack, as defined at G.S. 143B-1320(a)(14a);
- (8) identification and information for third-party vendors, supporting vendors, and businesses pursuant to 18 NCAC 07J .0408-.0411;
(9) the applicant's certifications, compliance reports, or equivalents by independent third-party entities with:
- (a) the information required by 18 NCAC 07J .0413; and
(b) if the certifications, compliance reports, or equivalents have levels, grades, or annotations, those applicable to the applicant;
Note: Examples of acceptable certifications are ISO 270001 and SOC2;
- (10) the applicant's certification that it complies with the requirements to have and implement the plans required by 18 NCAC 07J Section .0600; and
(11) signature by a key individual employed by the technology provider applicant who has the authority to:
- (a) bind the applicant;
- (b) make certifications required by this Rule and the rules in 18 NCAC Subchapter 07J; and
(c) declare under penalty of perjury that:
- (i) the information provided is true and complete to the best of the signer's knowledge and belief;
- (ii) the application was prepared under the signer's authority and supervision;
- (iii) the applicant agrees that representations, promises, and assurances of performance in the application are binding on it; and
- (d) the date on which the application was signed.
History Note: Authority G.S. 10B-4; 10B-126(d); 10B-134.19; 10B-134.21; 10B-134.23(b);
Eff. July 1, 2025.