South Carolina Code of Regulations
Chapter 113 - SECRETARY OF STATE
Article 3 - UNIFORM REAL PROPERTY RECORDING ACT
Section 113-320 - Document and System Security Requirements

Universal Citation: SC Code Regs 113-320

Current through Register Vol. 48, No. 3, March 22, 2024

Security procedures shall be implemented to ensure the authenticity and integrity of the electronically filed instrument, including the ability to verify the identity of the filer, as well as the ability to verify that an instrument has not been altered since it was transmitted or filed. In order to protect the integrity of instruments to be recorded electronically, a participating register and authorized filers shall meet the security procedure requirements set forth below.

A. An electronic recording delivery system implemented by a register shall provide a secure method for accepting and recording digital or digitized electronic instruments. The system shall not permit an authorized filer or its employees and agents, or any third party, to modify, manipulate, insert or delete information in the public record maintained by the register, or information in electronic records submitted pursuant to Regulation Regulation 113-300 to 113-400. Security standards implemented by registers shall accommodate electronic signatures and notarization of documents in a manner that complies with S.C. Code Section 30-6-10 et seq. and that address the following encryption requirements. The electronic recording delivery system shall:

(1) support, at a minimum, 128-bit file and image encryption over a secure network;

(2) provide for periodic updates to encryption by the electronic recording delivery system vendor;

(3) advise the authorized filer of its liabilities and responsibilities for keeping its keys secure;

(4) provide a secure key management system for the administration and distribution of cryptographic keys; and

(5) require all encryption keys to be generated through an approved encryption package and securely stored.

B. The electronic recording delivery system shall control interactive access to the system through authentication processes that:

(1) utilize a process of requesting, granting, administering and terminating accounts;

(2) address the purpose, scope, responsibilities and requirements for managing accounts;

(3) designate one or more individuals to manage accounts; and

(4) provide for secure delivery of the authorized filer(s) initial password(s) and prohibit the transmission of identification and authentication information (password) without the use of industry accepted encryption standards.

C. Registers shall have a key management system in place for the secure administration and distribution of cryptographic keys.

(1) The electronic recording delivery system shall authenticate the authorized filer's private key.

(2) Authorized filers shall establish internal controls to ensure the security of the private key is not compromised and certify compliance with the register as part of the MOU.

(3) Security of private keys compromised within the electronic recording delivery system shall be promptly addressed by the register.

D. A risk analysis to identify potential threats to the electronic recording delivery system and the environment in which it operates shall be conducted at least once every three years by the register. The purpose of the risk analysis is to prevent the filing and recording of fraudulent instruments or alteration of instruments that were previously filed and recorded electronically. A risk analysis shall identify and evaluate system and environmental vulnerabilities and determine the loss impact if one or more vulnerabilities are exploited by a potential threat. The risk analysis shall include:

(1) a risk mitigation plan that defines the process for evaluating the system;

(2) documentation of management decisions regarding actions to be taken to mitigate vulnerabilities;

(3) identification and documentation of implementation of security controls as approved by management; and

(4) a reassessment of the electronic recording delivery system security after recommended controls have been implemented or in response to newly discovered threats and vulnerabilities.

E. Authorized filers who are enrolled in a participating register's electronic filing and recording program shall implement security procedures for all electronic filing transmissions and shall be responsible for maintaining the security of the systems within their respective offices.

F. Electronic recording delivery systems shall protect against system and security failures and, in addition, shall provide normal backup and disaster recovery mechanisms.

Disclaimer: These regulations may not be the most recent version. South Carolina may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.