...
Each type of document that may be submitted will require one of a number of levels of certification authority on the part of the submitting entity, ranging from simple registration to formal signature authority. Regardless of the required level of authority, nFORM will electronically certify and retain the submission. Additionally, where a formal signature authority is required, nFORM uses an electronic signature device to certify an electronic document submitted to the agency. The use of this electronic signature device establishes proof of identity and intent on the part of the submitting user and is designed to be equivalent to a “wet ink” signature.
| Anchor | ||||
|---|---|---|---|---|
|
nFORM allows users to create a user account via a registration process. During the registration process, the user provides information about themselves such as their name, phone number, physical address, and a unique identifier, in the form of the user’s email address, to be used as the account login. No two users can have the identical user account logins, and account logins cannot be re-used if the original account login is no longer needed or used by a user.
...
nFORM will send an automated email to the user with a hyperlink used to confirm their email address. The user will need to click on the link to confirm their account in order to enable their user account. Until the user account is confirmed, the user will not be able to login to the account.
| Anchor | ||||
|---|---|---|---|---|
|
nFORM allows external users to have one of three types or levels of authorization:
...
Forms that do not require a user account to allow submissions from users without a user account.
Forms that require only the self-registered level of authorization to allow for submission by any registered user. Typically, security/user identity verification is not required in this situation.
Forms that require at least a verified user level of authorization are used where a basic user identity verification will suffice for the form submission.
Forms that require an electronic signatory authority typically have signature requirements based on regulatory requirements for the data collection or if the data will be shared with the federal government. Forms that fall under the requirements of the EPA CROMERR rule will require this level of authority.
| Anchor | ||||
|---|---|---|---|---|
|
Self-Registered Users
Upon initial user account creation in nFORM, all external users are given the self-registered level of authorization. This grants basic permissions to submit applications and reports that require no further verification of the user’s identity.
...
The user’s account identifier, challenge questions, and answers together are used to establish the user’s electronic signature within the nFORM system.
| Anchor | ||||
|---|---|---|---|---|
|
Self-Registered User, Authorized Submitter, and Verified User Forms
...
The integrity of the electronic certification and submission contents may be verified at any time by recalculating the signature and submission contents using the original encryption key. If any part of the copy of record was altered, including the electronic signature information, result would differ from the original, allowing the system to detect the change.
| Anchor | ||||
|---|---|---|---|---|
|
It should be noted that a system alone cannot be deemed CROMERR compliant. Compliance is based on the systems specific implementation, both technical features and business process for each client’s specific usage. For example, if Arkansas DEQ submitted a CROMERR application for nFORM, and it was accepted by the EPA, then Arkansas DEQ’s nFORM implementation can be considered CROMERR compliant. If New York DEC wished to obtain CROMERR compliance, New York DEC would need to submit an application for their implementation of nFORM.
...