Cal. Code Regs. tit. 2 § 22703

Current through Register 2024 Notice Reg. No. 49, December 6, 2024
Section 22703 - Software Vendor Certification
(a) Each software vendor that intends to submit filings to CAL-ACCESS through the API shall be certified by the Secretary of State prior to transmission of any filings.
(b) In order for a software vendor to be certified by the Secretary of State, the software vendor shall:
(1) Complete, sign, and submit an application that includes the following information:
(A) The software vendor's name, address, public email address, and public telephone number;
(B) The name, title, email address, and telephone number for a point of contact for questions relating to certification;
(C) The name and major release version number of the electronic filing system;
(D) Whether the application relates to an initial request for certification or for re-certification; whether the electronic filing system has been previously approved by the Secretary of State; and, for applications relating to a previously approved electronic filing system, whether the electronic filing system has been modified in a way that changes the previously approved electronic filing system and requires new interface testing;
(E) What Fair Political Practices Commission forms the electronic filing system supports and the software vendor intends to have interface with the API;
(F) A signature verifying that the application signer has read the conditions for certification and agrees to all applicable certification procedures stated in the application; and
(G) Agreement to the following requirements:
1. To conduct interface testing.
2. To design an electronic filing system complies with the latest Electronic Filing Specifications in effect at the time of certification.
3. To design an electronic filing system that complies with the requirements of Government Code Section 84602(b)(1)(A).
4. To develop a procedure for filers to comply electronically with the requirement to verify and sign statements and reports under penalty of perjury. The certified software vendor's system shall collect and maintain a secure electronic signature of the required individual that is submitted under penalty of perjury and that conforms to Government Code Section 81004 and Civil Code Section 1633.11(b). The certified software vendor shall transmit to CAL-ACCESS, through the API, the name of the individual who verifies and signs the statement or report, as well as the date signed.
5. To design an electronic filing system that protects the security and integrity of the data and information stored and transmitted as required by Section 22704.
6. To design an electronic filing system that maintains all filing data for the period during which an administrative action can be brought against a filer and for the duration of any open administrative action, as more fully set forth in subdivision (b)(3).
(2) Successfully complete all certification testing of its system with the Secretary of State to determine whether the file format is in compliance with the Electronic Filing Specifications and is compatible with CAL-ACCESS by:
(A) Sending sample data through the API and ensuring that the data it posts to CAL-ACCESS is consistent with the data verified and signed by a filer in the electronic filing system; and
(B) Resolving all certification related defects identified through testing. If all defects cannot be resolved, the software vendor shall identify a mitigated workaround, submit that workaround in writing to the Secretary of State, and implement the workaround upon the Secretary of State's approval. This workaround shall remain in effect until the resolution of defects can be completed.
(3) Design its system such that all data filed using the electronic filing system may be maintained for the period during which an administrative action can be brought against a filer, as specified by Government Code Section 91000.5, and for the duration of any open administrative action, as follows:
(A) For the purpose of this paragraph, "data filed with CAL-ACCESS" means all of the information the filer submitted that was posted to CAL-ACCESS, the date and time the filer submitted that information, the filer's name, the filer's secure electronic signature, and identifying information about the filer such as their Internet Protocol (IP) address.
(B) For web-based software, save a copy of all data filed with CAL-ACCESS on the certified software vendor's servers, on a cloud, on optical discs, or by another such a way that the data will be accessible to the filer.
(C) For desktop-based software, save a copy of all data filed with CAL-ACCESS on the filer's local device. The software vendor shall not be liable for a filer who deletes or fails to maintain the data saved on his or her local device.
(c) Each software vendor may seek certification for some or all the Fair Political Practices Commission forms for which the API accepts filings. In addition, if a software vendor does not meet interface testing for a particular form, the Secretary of State may approve the software vendor for certification of fewer forms than the software vendor requests. The software vendor may resubmit for testing and approval the form(s) that did not meet requirements, and the Secretary of State may certify those forms without the software vendor submitting an additional application. If a software vendor seeks certification for a form that it did not apply for in its original application, the software vendor must submit a new application.
(d) The Secretary of State will not unreasonably withhold certification for minor testing defects. The Secretary of State will not withhold certification of an entire electronic filing system for issues constrained to a particular form. However, if the Secretary of State and the software vendor cannot come to an agreement to resolve outstanding defects that affect the entire system, the Secretary of State will not certify the software vendor.
(e) The Secretary of State will provide each certified software vendor with credentials to access the API. The certified software vendor shall not share these credentials.
(f) If a certified software vendor transfers, in whole or in part, its electronic filing system to another person or entity, the transferee must be independently certified with the Secretary of State in order to continue filing through the API. A transferee is not required to be certified with the Secretary of State if it does not continue filing through the API. The Secretary of State will not unreasonably withhold certification to the transferee.
(g) Each certified software vendor shall maintain compliance with the Electronic Filing Specifications, the requirements of Government Code Section 84602, and this Article in order to maintain certification. The Secretary of State may de-certify a certified software vendor that it discovers or determines is out of compliance, following the procedures described in Section 22708.

Cal. Code Regs. Tit. 2, § 22703

1. New section filed 11-12-2020; operative 11-12-2020 pursuant to Government Code section 11343.4(b)(3) (Register 2020, No. 46). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20.

Note: Authority cited: Section 84602, Government Code. Reference: Section 1633.11, Civil Code; and Sections 81004, 84602 and 91000.5, Government Code.

1. New section filed 11-12-2020; operative 11-12-2020 pursuant to Government Code section 11343.4(b)(3) (Register 2020, No. 46). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20.