Appendix JA7 specifies required functional and technical elements for Data Registries that provide services to authorized users and receive data to produce, register, retain, and distribute both copies of compliance documents and their associated Compliance Registration Packages required for compliance with Title 24, Part 6. The functional and technical elements specified in this document include the following:
- Document registration is defined.
- Roles and responsibilities for users and administrators of data registries are defined.
- Requirements for registered documents are defined.
- Requirements for configuration of project documents in the Data Registry are defined.
- Requirements for electronic and digital signatures used on registered documents are defined.
- Requirements for data exchange between Data Registries and external software tools are defined.
- Requirements for transmittal of copies of compliance documents and Compliance Registration Packages to a Commission Compliance Document Repository at time of registration are defined.
- Procedures for approval of Data Registries and software used for data input to data registries are defined.
Refer to the Data Registry Requirements Manual for additional guidance regarding functional and technical aspects of the requirements in Appendix JA7, including forms, to assist designers and builders in meeting the standards.
For the purposes of the specifications in Appendix JA7, the following definitions shall apply:
Application Programming Interface (API) is any software that serves as an intermediary between a Data Registry and any other software, database, data entry method, or EDDS.
Asymmetric Key Encryption is also known as public key encryption. This type of encryption uses a pair of keys that are mathematically related: one key for encryption and another key for decryption. In digital signature processing, a user is assigned a private key that is not shared with anyone, and a public key that is given to anyone who receives digitally signed material from the user.
From California Code of Regulations, Title 2. Section 22003, List of Acceptable Technologies: “The technology known as Public Key Cryptography is an acceptable technology for use by public entities in California...”
All major development environments such as Microsoft and Adobe support PKCS1 asymmetrical key encryption.
Authorized User is a person who has a user account with a Data Registry and is required to provide their correct username and password in order to access the Data Registry. Data Registry users may be required to provide professional licensure, certification or credential information, or other qualifying information as condition of receiving authority to provide signatures for certain types of documentation.
Commission means the State of California Energy Resources Conservation and Development Commission, commonly known as the California Energy Commission, also referred to as the Energy Commission.
Commission Compliance Document Repository (also known as an electronic document repository) is an electronic database and document storage software application used for retention of registered electronic Compliance Documents generated by Data Registries, and may also contain data and documentation relevant to other regulatory procedures administered by the California Energy Commission. The Commission Compliance Document Repository shall maintain these retained documents in accordance with Evidence Code sections 1530-1532 (in the custody of a public entity).
Compliance Data Exchange File is an XML file that contains compliance data used to populate a Compliance Document. The Compliance Data Exchange File is part of the Compliance Registration Package.
Compliance Document is one of the following documents required for demonstration of compliance with Title 24, Part 6: Certificate of Compliance, Certificate of Installation, Certificate of Acceptance, Certificate of Verification.
Compliance Registration Package means digitally signed or encrypted digital data that is transmitted to or from a Data Registry that contains the data required for registering a Compliance Document with a Data Registry, including the Compliance Data Exchange File. A commonly used method is the Zip file format, a data compression and archiving specification that is in the public domain. Files transmitted to or from a Data Registry using the Zip file format shall be password protected as described in JA7.6.3.2.7.
Compliance Report Generator is a web service maintained by the Commission that receives standardized document data exchange files from third party software approved by the Commission and produces the document registration package required to complete registered compliance documents in data registries that are approved by the Commission.
Compliance Software is software approved by the California Energy Commission for use in demonstrating compliance with the performance standards in Title 24, Part 6.
Cryptographic Hash Function is a mathematical function that creates a unique number that represents the contents of a block of data or text. In digital signature processing the data or text that the user is digitally signing is called the message. The number generated by the cryptographic hash function is called the message digest. To verify a copy of the message, the cryptographic hash function is applied to both the original message and the copy of the message, and the resulting message digests are compared. If they are both the same, then the copy is valid.
There is a number of cryptographic hash functions used in digital signature processing. All major development environments such as Microsoft and Adobe support the most commonly used hash algorithm family, SHA-1, SHA-256, SHA-384, SHA-512 hash algorithms which were developed by National Security Agency (NSA).
ENERGY CODE COMPLIANCE (ECC) PROGRAM is the program for field verification and diagnostic testing for residential construction as set forth in Section 10-103.3 to verify that newly constructed buildings and additions and alterations to existing buildings comply with the requirements of the Energy Code.
ECC-PROVIDER is an organization approved by the Commission to administer the ECC program pursuant to the requirements of Section 10-103.3.
ECC-RATER is a person trained, tested, and certified by an ECC-Provider to perform field verification and diagnostic testing for the ECC program pursuant to the requirements of Section 10-103.3.
ECC-RATER COMPANY is an organization certified by an ECC-Provider to offer field verification and diagnostic testing services by the ECC-Rater Company’s ECC-Raters for the ECC program pursuant to the requirements of Section 10-103.3.
VERIFIED ECC-RATER is an ECC-Rater that has achieved the status of “Verified” as set forth in Section 10-103.3(d)5B.
Data Registry is a web service with a user interface and database maintained by a Registration Provider that complies with the applicable requirements in Appendix JA7, with additional guidance from the Data Registry Requirements Manual, and provides for registration of residential or nonresidential compliance documentation used for demonstrating compliance with Title 24, Part 6.
- Residential Data Registry is a Data Registry that is maintained by an EEC-Provider, that provides for registration, when required by Title 24, Part 6, of all residential compliance documentation and the nonresidential Certificate of Verification.
- Nonresidential Data Registry is a Data Registry that is maintained by a Registration Provider approved by the Commission, that provides for registration, when required by Title 24, Part 6, of all nonresidential compliance documentation, excluding all Certificates of Acceptance recorded by an acceptance test technician certification provider (10-103.1 and 10-103.2). However, nonresidential data registries may not provide for registration of nonresidential Certificates of Verification.
Data Registry Requirements Manual is a document that provides additional detailed guidance regarding the functional and technical aspects of the Data Registry requirements given in Appendix JA7.
Digital Certificate is a computer-based record that contains a person's identifying information and the person's digital signature public key, as well as information about the certificate authority that issued the Digital Certificate and the certificate authority's digital signature verifying the authenticity of the person's identity and digital signature. Although California Code of Regulations, title 2, section 22003(a)(2)(C) states "although not all digitally signed communications will require the signer to obtain a certificate, the signer is capable of being issued a certificate to certify that he or she controls the key pair used to create the signature."
External Digital Data Source (EDDS) is a data transfer service approved by the Energy Commission to operate in conjunction with an approved Data Registry that allows authorized users of a Data Registry to transfer data from a digital data source external to the Data Registry as an alternative to the key-in data entry described in JA7.7.1.1 for registering compliance documents as required by Title 24 Part 6.
External Digital Data Source (EDDS) Provider is an organization that administers an EDDS that conforms to the requirements in Appendix JA7 with additional guidance given in the Data Registry Requirements Manual.
Digital Signature an electronic signature that incorporates cryptographic methods of originator authentication, allowing the identity of the signer and the integrity of the data to be verified. The regulations adopted by the Secretary of State that govern the use of Digital Signatures for use by public entities in California are found in the California Code of Regulations, Title 2, Division 7, Chapter 10 Digital Signatures.
Documentation Author is a person who prepares a Title 24, Part 6 compliance document that must subsequently be reviewed and signed by a responsible person in order to certify compliance with Part 6.
Electronic Signature is a "computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.” (21 C.F.R. § 11.3).
For the purposes of using electronic signatures to sign compliance documents, the electronic signature shall be an electronic image of the signer’s handwritten signature.
Executive Director means the Executive Director of the Energy Commission.
Field Technician is a person who performs acceptance tests in accordance with the specifications in Appendix NA7 and reports the results of the acceptance tests on the Certificate of Acceptance in accordance with the requirements of Section 10-103(a)4.
Login (see Secure Login).
Message is a block of data or text that has been digitally signed.
Message Digest is the unique number generated when a Cryptographic Hash Function is applied to the Message which is the data or text that is digitally signed.
Password is a string of characters used for authenticating a user on a computer system.
Personal Computing Device includes desktop computers, laptops, smartphones, and tablets
Private Key is one of the keys in Asymmetric Key Encryption used in a Digital Signature. As its name implies, the Private Key should only be known to the owner of the Digital Signature. The private key is used to encrypt the Message Digest of the message that the user digitally signed.
Public Key is one of the keys in Asymmetric Key Encryption used in a Digital Signature. As its name implies, the Public Key must be made public to receivers of digitally signed documents in order to decrypt the Message Digest.
Registered Compliance Document is a compliance document that has been submitted to a residential or nonresidential Data Registry for retention, verified as valid with an XML schema approved by the Commission, and has gone through the registration process so that the Registered Document displays all applicable electronic signatures as well as the Registration Provider's digital certificate and the document's unique registration number. The image of the registered document is accessible for printing or viewing by authorized users of the Data Registry via the Registration Provider’s internet website. The registered document’s unique visible registration number is appended onto the document image by the Data Registry.
A Registered Document meets all applicable requirements in Standards Section 10-103(a) and Appendix JA7. Refer to the Data Registry Requirements Manual for additional guidance.
Registration is the process applicable to electronic Compliance Documents that are verified as complete by the Data Registry, and are electronically signed by all required Data Registry Authorized Users. Registration is initiated when an authorized Registration Signer signs the Compliance Document electronically where subsequently the Data Registry adds the Registration Signer's Electronic Signature to the signature block, appends a unique Registration Number to each page of the document, and then applies the Registration Provider's Digital certificate to the Compliance Document and displays the Registration Provider's digital signature appearance following the registration signers signature block. When Registration is complete, the Data Registry immediately and automatically transmits a copy of the completed Registered Compliance Document and Compliance Registration Package to the Commission Compliance Document Repository and also retains a copy of the Registered Compliance Document for use by authorized users for submittals.
Registration Number is an alphanumeric sequence of digits and delimiters appended to a Compliance Document when the document's Registration Signer provides his or her Electronic Signature to the Data Registry to complete Registration for any document. Each Registration Number shall be unique to only one document. The registration numbering convention utilizes specific digits to reference the document type, revision level, and the parent-child relationships between the compliance documents in a specific project.
Registration Provider is an organization that administers a Data Registry service that conforms to the requirements in Appendix JA7, with additional guidance given in the Data Registry Requirements Manual.
Registration Signer is a Responsible Person as defined in Title 24, Part 1, chapter 10, Sections 10-103(a)1, 10-103(a)3, 10-103(a)4, or 10-103(a)5 who has established a user account with a Data Registry and has provided sufficient evidence to the Registration Provider to qualify for the authorization to register applicable compliance documentation by providing an electronic signature. The Documentation Author or Field Technician, and Registration Signer on a compliance document may be one and the same person or they may be different persons.
Secure Login means the unique Username and Password given to an Authorized User for maintaining the security of the Data Registry.
Standards means the California Building Energy Efficiency Standards, codified in the California Code of Regulations, title 24, part 1, chapter 10, and part 6.
Standards Data Dictionary (SDD) is a dictionary that contains all data and technical terms used to describe building components, equipment, attributes and measurements that are regulated by the Standards. The purpose of the SDD is to provide the vocabulary that is used in expressing standards as well as published compliance documentation.
URI stands for Uniform Resource Indicator which is a standard for identifying a name or a resource on the Internet.
URL stands for Uniform Resource Locator is a type of URI used to identify locations on the World Wide Web.
Username is a name that uniquely identifies someone on a computer system. The Username is paired with a Password to create a Secure Login.
W3C stands for World Wide Web Consortium which is an international standards body that develops standards for the World Wide Web.
XML stands for Extensible Markup Language and is a set of rules for encoding documents in machine-readable form to facilitate the electronic transmission of documents. XML standard was developed by the W3C.
XML Schema refers to XML Schema Definition Language, commonly referred to as XSD, which is another standard defined by the W3C. An XML schema uses XSD to define a set of rules to which an XML document must conform in order to be considered valid according to that schema. The rules can include definition of major organizational units, definition of data elements and attributes data types, constraints on valid values such as upper and lower bounds, and whether data is required or optional.
XSL-FO stands for Extensible Stylesheet Language Formatting Objects and is a standard of the W3C for representing content from an XML document. It is based on a standard vocabulary of document plus formatting and layout directives that can be interpreted by a computer application called an FO processor. XSL-FO is commonly used as an intermediary to generate PDF and printable documents.
XSLT stands for Extensible Stylesheet Language Transformation which is a standard from the W3C for translating an XML document into another format such as XSL-FO or HTML.
A Data Registry is a web service with a user interface and database maintained by a Registration Provider that provides for registration of residential or nonresidential compliance documentation used for demonstrating compliance with Part 6. Data Registries shall conform to the requirements specified in Appendix JA7. Refer to the Data Registry Requirements Manual for additional guidance.
A Data Registry shall include the minimum functional features specified by Appendix JA7.
Document registration is the process for verifying, serializing, and signing electronic compliance documents produced using a method approved by the Commission. Approved Data Registries are the entities that implement and manage the procedures for registering documents. The procedures include authenticating and approving users to submit or sign electronic documents and data for registration, validating that these data and documents are completed in conformance with the requirements defined by the Standards Section 10-103(a) and Appendix JA7, and affixing the electronic signature of the Documentation Author. The registration process is completed only when an authorized registration signer signs the compliance document electronically; whereupon the Data Registry automatically performs the following actions:
- Adds the registration signer's electronic signature to the document's signature block. The electronic signature date of the registration signer shall be included either within the document itself or within the signature block.
- Appends a unique registration number to each page of the document.
- Applies the Registration Provider's digital certificate containing their digital signature to the entire compliance document.
- Displays the Registration Provider's digital signature in the signature block that includes a date and time stamp corresponding to the date and time of the document registration process conclusion.
- When the document registration process has concluded, the Data Registry shall immediately and automatically transmit a copy of the completed Registered Compliance Document and Compliance Registration Package to the Commission Compliance Document Repository.
- The Data Registry shall also retain a copy of the Registered Compliance Document for use by authorized users for submittals.
Paper copies of Registered Compliance Documents printed directly from the Data Registry website, or electronic copies downloaded from the Data Registry website shall be used for submittal to enforcement agencies or other parties to the building construction project.
The Registration Provider's digital signature provides for automatic electronic verification of the authenticity of electronic copies of registered documents.
The electronic copies of the registered documents and Compliance Registration Packages retained by the Commission Compliance Document Repository shall be utilized to satisfy public information requests, perform research, and shall be maintained in a manner conforming to Evidence Code sections 1530-1532 (in the custody of a public entity) for use in enforcement of the Standards.
Any person or entity wishing to have a Data Registry approved shall submit an application to the Energy Commission. Data Registries may be approved by the Energy Commission or by the Executive Director to provide document Registration services. Data Registries shall conform to the requirements of Appendix JA7. Refer to the Data Registry Requirements Manual for additional implementation guidance.
This section summarizes the roles and responsibilities for the individuals who participate in the document registration procedures administered by a Data Registry. However, this section is not a complete accounting of the responsibilities of the respective parties.
A Registration Provider is an entity that has been approved by the Energy Commission to provide Data Registry services. Registration Providers maintain Data Registries that conform to the requirements in Appendix JA7, with additional guidance specified in the Data Registry Requirements Manual. Registration Providers are required to retain completed Registered Compliance Documents and Compliance Registration Packages and make copies of the registered documents available to authorized users for submittals to enforcement agencies or to other parties to the building project that require the documents. Registration Providers make services available that enable authorized users of their Data Registry to verify the authenticity of paper and electronic copies of the retained registered documents.
In order to facilitate Commission oversight of a Registration Provider's documentation processes, the Registration Providers shall grant authorization to Energy Commission staff to view the data and documents retained in the Data Registry, and shall provide functionality that allows Energy Commission staff to query and download retained data or documents.
For residential compliance document registration, the Registration Provider shall be approved in accordance with the requirements in Section JA7.8, and shall also be an ECC-Provider approved by the Energy Commission.
For nonresidential compliance document registration, the Registration Provider shall be approved in accordance with the requirements in Section JA7.8.
The Registration Provider shall only use XML Schema approved by the Commission in a nonresidential data registry.
Authorized users are persons who have established a user account with a Data Registry and are required to provide their correct username and password in order to access the secured information in that Data Registry. Data Registry authorized users may be required to provide proof of professional licensure, professional certification, or other qualifying information as a condition for receiving authority to access records or provide signatures for certain types of documentation. User accounts shall be established for each Data Registry for which a user must gain access.
The information required to establish a user account with a Data Registry shall be determined by the Registration Provider who shall gather and verify any and all information necessary to validate a user applicant's identity or applicable professional qualifications as prerequisite to authorizing assignment to a user applicant an electronic signature, or permissions as a documentation author, or permissions as a registration signer.
Authorized Users may not share their Secure Login with any other individual for any purpose. Violation of this policy may constitute fraud, and can be cited as a reason for denial of access for all the persons involved, including the user who releases their Secure Login to another person or persons, and the person or persons who use the Secure Login to gain access the Data Registry.
The roles and responsibilities in the remainder of this section JA7.4 describe specific types of authorized users of the Data Registry.
Refer to the Data Registry Requirements Manual for additional guidance regarding user accounts and authorized users.
Data Registries may provide user accounts that allow users to view only certain records. These types of accounts may allow access to records to view, print or download copies of compliance documents in order to validate the information submitted to enforcement agencies on paper copies of registered documents, and for determining the status of completion of the full documentation package for a project.
Documentation Authors are persons who prepare Title 24, Part 6 compliance documents that must subsequently be reviewed and signed by a Registration Signer (responsible person) in order to certify compliance with Part 6.
Documentation Authors assist with input of information required to complete the compliance documents required for the registration procedures in a Data Registry. Documentation authors who provide support for preparation of compliance documents in a Data Registry shall establish a user account and an electronic signature authority with the Data Registry. Documentation Authors shall sign the documents they prepare, but documentation author signatures do not indicate or assume responsibility for the truth or validity of the information reported on a compliance document. Documentation Authors may engage in business relationships with the Registration Signers they assist, or they may be employees of the Registration Signers they assist.
The Field Technician is responsible for performing the acceptance test procedures and documenting the results of the acceptance tests on a Certificate of Acceptance. The Field Technician shall sign the Certificate of Acceptance to certify that the information he reports on the Certificate of Acceptance is true and correct. When registration of a Certificate of Acceptance is required, the Field Technician shall establish a user account and an electronic signature authority with the Data Registry in order to provide electronic signatures to complete the Certificate of Acceptance. When a Field Technician also performs the data input to prepare the Certificate of Acceptance documentation, the Field Technician shall also provide the documentation author signature on the Certificate of Acceptance. The Field Technician may be, but is not required to be the installer of the system that requires Acceptance Testing. Field Technicians shall be certified Acceptance Test Technicians (ATT) when required by Sections 10-103.1 or 10-103.2.
The Registration Signer is the person responsible for the work identified on a compliance document (Certificate of Compliance, Certificate of Installation, Certificate of Acceptance, or Certificate of Verification).
- For Certificate of Compliance documentation, the Registration Signer shall be eligible under Division 3 of the Business and Professions Code to accept responsibility for the building design.
- For Certificate of Installation documentation, the Registration Signer shall be eligible under Division 3 of the Business and Professions Code to accept responsibility for the building construction or installation in the applicable classification for the scope of work identified on the document.
- For Certificate of Acceptance documentation, the Registration Signer shall be eligible under Division 3 of the Business and Professions Code to accept responsibility for the system design, construction or installation in the applicable classification for the scope of work identified on the document.
- For Certificate of Verification documentation, the Registration Signer shall be a certified an ECC Rater.
The Registration Signer shall provide a signature to certify that the information reported on a compliance document for which he is responsible is true and correct. When registration of a compliance document is required, the Registration Signer shall establish a user account and an electronic signature authority with the Data Registry. When a Registration Signer also performs the data input to prepare a compliance document, the Registration Signer shall also provide the documentation author signature on the compliance document.
Standards Section 10-103(d) requires the Enforcement Agency to verify that all required compliance documents for a project are completed, signed, and submitted or posted as required by Standards Section 10-103(a). Thus, when Section 10-103(a) requires that a compliance document be registered with a Data Registry, the Enforcement Agency must verify that compliance documents submitted when applying for a permit, or posted in the field are registered documents. Such enforcement agency verification shall be by any valid means the Enforcement agency considers satisfactory.
Enforcement Agency persons may establish user accounts with data registries to enable viewing the compliance documents for projects for which their jurisdiction has enforcement authority.
Enforcement Agencies may be authorized to enter notations into project records in data registries to communicate plan check and field inspection information to builders, designers, installers, raters, and other parties to the project.
At any time, Commission staff may request access to those documents and associated Compliance Registration Package that a Registration Provider is required to maintain pursuant to Title 24, Part 1; Title 24, Part 6; or Appendix JA7. Upon receipt of a request for access, a Registration Provider shall provide Commission staff with copies of, or access to, those documents and associated Compliance Registration Package specified in the request within 30 days of receipt of the request, unless granted an extension by Commission staff.
If a Registration Provider fails to provide Commission staff with copies of, or access to, those documents and associated Compliance Registration Package, the Registration Provider shall explain in writing, fully and concisely, the basis for their failure to provide access or copies of those documents and associated Compliance Registration Package.
If a Registration Provider fails to comply with this or any other provision of Appendix JA7, Commission staff may initiate a review of the Registration Provider’s Data Registry approval pursuant to JA 7.8.4.2.
This subsection shall not be construed to limit existing enforcement oversight authority by Commission staff pursuant to any other provision of Appendix JA7.
All compliance documents for which registration is required shall be produced by a method approved by the Commission and then registered with an approved Data Registry by authorized users of the Data Registry. Procedures for submittal of required documentation to enforcement agencies and other parties to the building construction project are given in Reference Residential Appendix RA2, and Reference Nonresidential Appendices NA1. Standards Section 10-103(a) defines the administrative requirements for the compliance documents (Certificate of Compliance, Certificate of Installation, Certificate of Acceptance, and Certificate of Verification).
Compliance document layouts shall be defined by standardized data structures implemented according to the requirements given in JA7.7. Compliance documents produced by the Data Registry shall conform to the applicable informational content and graphical layout formatting approved by the Energy Commission.
The Data Registry shall be capable of tracking all compliance documentation and maintaining the correct associations between related documents within a building project. Any revisions to compliance documents shall be tracked and reported.
The Data Registry shall ensure that registered documents are retained such that they are available to authorized users for submittals to enforcement agencies or other parties to the building construction project that require copies of the Registered Compliance Documents.
Contingent upon the availability of a Commission Compliance Document Repository, the Data Registry shall immediately and automatically, upon concluding the registration of compliance documents, transmit a copy of each Registered Compliance Document and Compliance Registration Package to the Commission Compliance Document Repository in a manner prescribed by the Energy Commission.
The compliance document informational content, graphical layout, and formatting used by the Data Registry shall conform to the standardized document layouts and data structures approved by the Energy Commission as further described in Section JA7.7. Refer to the Data Registry Requirements Manual for additional guidance. The Data Registry shall be capable of receiving electronic compliance document images and data produced by the methods approved by the Energy Commission such as by approved performance compliance software, and shall be capable of appending the received compliance document images and data with additional information received from authorized users according to the requirements in Sections JA7.5, JA7.6, JA7.7, and with additional guidance given in the Data Registry Requirements Manual.
Electronic document layout designs implemented according to the requirements in JA7 shall include specifications for coordinate locations and positions where the Data Registry will affix the Registration Signer's Electronic Signatures, registration numbers, registration date and time record information and Registration Provider's logos and watermarks. Refer to the Data Registry Requirements Manual for additional guidance.
The following conventions shall be enforced:
The registration number for a multiple-page document shall be visible on all pages of the document.
The registration date and time shall reflect the point in time corresponding to the submittal of the electronic certification signature by the person responsible for the information on the document. The format for the registration date and time record shall be calendar date (year-month-day) with time of day (hour-minutes-seconds). Hour of the day shall utilize 24-hour format. Refer to the Data Registry Requirements Manual for additional guidance.
The performance compliance calculation date and time information that is generated by the compliance software tool shall be retained as data in the record for the registered Certificate of Compliance document in the Data Registry.
The date and time information for the compliance calculation for a multiple-page performance Certificate of Compliance document shall be visible on all pages of the compliance document.
Registered documents shall be electronically signed by the documentation authors, and by the persons who are eligible to assume responsibility for the documentation as specified by Standards Section 10-103(a) and who are authorized users of the Data Registry who have established an electronic signature authority with the Data Registry. The Registration Provider shall ensure that all required electronic signature features and procedures specified in Section JA7.6 are implemented and enforced. The electronic signature layouts and locations shall be consistent with the document layouts approved by the Energy Commission. Refer to the Data Registry Requirements Manual for additional guidance.
The Registration Provider shall ensure that the required digital signature procedures specified in Section JA7.6 are enforced. Refer to the Data Registry Requirements Manual for additional guidance.
Data Registries shall have the capability to automatically perform validation of data entered by a documentation author to complete a compliance document as required by the document data validation procedures in Section JA7.6.3.2.2.
There shall be a data validation rule set specific to each compliance document.
Refer to the Data Registry Requirements Manual for additional guidance.
Compliance document data validation rules may be implicit in the formatting of the data elements that define a compliance document for data exchange processes, or data validation rules may be implemented by the Data Registry software.
Data validation rules or specifications may be defined in the XML schema that represents the compliance data for a compliance document as further described in Section JA7.7. Validation criteria such as whether data is required or optional, the required data type, the data numeric upper and lower bounds, acceptable enumeration values, calculations that must be performed, etc., shall be defined in the XSD file.
Refer to the Data Registry Requirements Manual for additional guidance on the methods for validation of the data taking into consideration the specifications for the data elements for the data exchange processes described in Section JA7.7.
The Data Registry may flag data entry errors at any time during data entry, however all data validation shall be completed prior to allowing a documentation author signature action to be completed. Documents shall not be marked as ready for registration signing unless all required data validation errors have been corrected, and a documentation author signature action has been completed successfully.
The following conventions shall be enforced as a condition for registration of a document:
When completion of a compliance document requires data entry for an information field, the data shall be entered, otherwise registration shall not be allowed. However, if data entry for a particular information field is optional, use of a null entry or symbol such as n/a that is allowed by the document schema shall not prevent registration from concluding.
Whenever possible or practical, the Data Registry shall perform the calculations required for determining compliance results. Refer to the Data Registry Requirements Manual for additional guidance on these calculations.
Whenever possible or practical, the Data Registry shall use lookup functions that provide values needed for completing calculations as referenced from the applicable protocols in the Reference Appendices or from Standards compliance criteria. Guidance for application of lookup functions may be given in the Data Registry Requirements Manual.
Registration numbers used for the document registration procedures described in Appendix JA7 are alphanumeric sequences of digits and delimiters that shall be appended to a compliance document when the document's registration signer performs an electronic signature action in the Data Registry to conclude the registration procedure for a document. Each registration number shall be unique to only one document. The registration numbering convention assigns significance to certain digits in order to define the document type, document revision level, and the parent-child relationships between the compliance documents contained in a project. As the compliance document types required for residential projects are different than those required for nonresidential projects, the numbering conventions used shall conform to the conventions specified in sections JA7.5.4.1 and JA7.5.4.2 respectively.
Registration numbering conventions for other documentation processes are possible. Any new document process for which the Commission requires the documents to be registered shall use a registration numbering convention that is approved by the Commission.
Contingent upon approval of nonresidential Data Registries, a nonresidential registration numbering convention shall be determined and approved by the Commission in conjunction with the approval of the first nonresidential Data Registry, and shall be used by all nonresidential data registries thereafter. The nonresidential registration numbering convention specification shall use a similar design concept as used in the residential registration numbering convention described in Section JA7.5.4.2 which assigns significance to digits in order to define the document type, document revision level, and the relationships between the compliance documents contained in a project. Refer to the Data Registry Requirements Manual for additional guidance on the layout, configuration, and application of the approved nonresidential registration numbering convention.
The registration numbers assigned to residential compliance documents by the Data Registry at the conclusion of the registration process shall use standardized numbering convention to assign the applicable significance to the alphanumeric digits to define the unique document designation, document revision level, and establish the parent/child relationships between the documents contained in a project.
Refer to the Data Registry Requirements Manual for additional guidance on this standardized convention, as well the layout, configuration, and application of the approved residential registration numbering convention.
For projects for which Standards Section 10-103(a) requires the documents to be registered, compliance requires that documents shall first be registered with a Data Registry before being submitted to an enforcement agency for approval. Additionally, when revisions to the compliance documents are necessary, compliance requires the revised documents to be registered with the Data Registry prior to re-submittal to the enforcement agency for approval. Thus, the current revision of a registered document in the Data Registry shall be the reference document for validation of the authenticity of a document submitted to an enforcement agency or to another party to the construction project.
Registration Providers shall make available document verification services to authorized users of their Data Registry.
Methods for verification of a document's authenticity shall include basic visual comparison of a copy of a registered document to the current version of the registered document on file in the Data Registry.
Additionally, the automated document validation utility that is made possible by digital signature technology shall make it possible for a document recipient to automatically verify an electronic copy of a registered compliance document without having to manually inspect it against the registered document in the Data Registry. As described in Section JA7.3, the last step in the document registration procedure in the registry applies the Registration Provider's digital certificate containing their digital signature to the entire compliance document, thus providing the capability for automated verification of authenticity of electronic copies of the registered document.
Refer to the Data Registry Requirements Manual for additional guidance on digital signature technology for verification of document authenticity.
Data Registries shall be capable of tracking all compliance documentation and maintaining the correct associations between related documents, including revisions and completion statuses for all documents within a building project.
A certificate of compliance establishes the requirements for project documentation for prescriptive and performance compliance methods.
The Standards specify mandatory verification for residential projects for which there are options for compliance with the mandatory requirement. Thus, indication of the option selected for compliance with a residential mandatory measure may not be known until after a Certificate of Installation is submitted to a Data Registry to demonstrate compliance with the mandatory requirement. The Data Registry shall track when Certificate of Installation documents are registered for any mandatory measure that has an option for compliance; shall report any verification requirement that is triggered by the mandatory measure; and ensure that any required verification is completed as a condition of compliance. Refer to the Data Registry Requirements Manual for additional guidance describing residential Data Registry tracking of mandatory measure options and the required documentation for the mandatory options.
The status of completion of a project shall be reported by the Data Registry.
The Data Registry shall determine the documents required for a project based on the Certificate of Compliance and maintain a project status report with a summary of the current status of completion of the required documents for the project. The project status report shall be readily accessible to authorized users of the Data Registry. Access to the report shall be facilitated by use of search parameters relevant to the project as listed in Sections JA7.5.6.1.1 and JA7.5.6.1.2.
Enforcement Agencies may be authorized to enter notations into project records in data registries to communicate plan check and field inspection information to builders, designers, installers, raters and other parties to the construction project.
The project status report shall be made available in a printable format.
Minimum information requirements for the project status report shall include the following:
- Project name
- Project location (or address)
- Listing of the Certificate of Compliance documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the Certificate of Installation documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the Certificate of Verification documents required; date registered or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the mandatory measure options required; options selected (refers to the Certificate of Installation and Certificate of Verification documentation).
Note: Nonresidential Document registration is contingent upon approval of a nonresidential Data Registry by the Commission.
- Project name
- Project location (or address)
- Listing of the Certificate of Compliance documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the Certificate of Installation documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the Certificate of Acceptance documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number
- Listing of the Certificate of Verification documents required; date registered (or indicate not complete if the document record has been started but is not yet registered); registration number.
When a revision to a compliance document is made, the revised version of the compliance document shall also be registered (a registration signer must sign again to register the revision), and the revision digit for the compliance document shall be incremented. Thus a copy of each registered revision of each Registered Compliance Document and the associated Compliance Registration Package shall be transmitted to the Commission Compliance Document Repository.
When a revision is made to a compliance document that is associated with one or more registered dependent (child) documents, the dependent documents shall have their registered status revoked, and their status shall be reported as incomplete (orphaned) until signed again by the registration signer subsequent to making any necessary changes to the "orphaned child" document made necessary by the revision of the applicable dominant (parent) document. A new registration signature is required for the orphaned child document in order to update the registration number such that the new revision level of both the parent and the child documents is shown.
A copy of the new revision of a document shall be submitted to the enforcement agency for all applicable approvals or inspections.
The data that was used to create obsolete versions of Registered Compliance Documents and the associated Compliance Registration Package shall not be required to be retained in the Data Registry history or memory. However, a copy of each revision of each registered electronic document shall be retained.
The current revision of any document in the registry shall be considered to be the only valid version of that document. All previous revisions of that document shall be considered obsolete, thus not valid for use for submittal to enforcement agencies to demonstrate compliance.
If a registered compliance document is associated with photographic evidence, the photograph shall be stored as a Joint Photographic Experts Group (JPEG) file and comply with the following requirements:
(a) Photographs shall not to be issued with registered compliance documents.
(b) Photographs shall be stored by the ECC-Provider and made available to the Commission upon request.
(c) Photographs shall show the specific equipment being tested, or measure being verified.
(d) Photographs shall include sufficient background to identify the location of the project site.
(e) Photographs shall include a time and location stamp.
Procedures for submittal of prescriptive Certificate of Compliance data shall conform to the requirements in Section JA7.7.1. Refer to the Data Registry Requirements Manual for additional guidance on procedures and requirements for Data Registry features for prescriptive certificate of compliance document registration.
The Data Registry shall ensure that multiple orientation performance Certificate of Compliance documents are configured in the Data Registry such that the registered multiple orientation Certificate of Compliance document is referenced for all build-outs of that master plan. The registered Certificate of Compliance that was approved by the enforcement agency shall be the Certificate of Compliance document that is the parent document for each and every dwelling unit built from that master plan.
Refer to the Data Registry Requirements Manual for additional guidance describing the procedures for tracking revisions to multiple orientation Certificate of Compliance Documents.
The Data Registry shall ensure that multifamily whole-building performance Certificate of Compliance documents are configured in the Data Registry such that the registered multifamily Certificate of Compliance document is referenced for all dwelling units in the multifamily building. The registered Certificate of Compliance that was approved by the enforcement agency shall be the Certificate of Compliance document that is the parent document for each and every dwelling unit specified by that whole-building certificate of Compliance document.
Detailed guidance describing the procedures for tracking revisions to multifamily whole-building Certificate of Compliance Documents may be given in the Data Registry Requirements Manual.
Procedures for submittal of residential Certificate of Installation data shall conform to the requirements in Section JA7.7.1. Detailed guidance for the functional and technical elements necessary for registration of residential Certificate of Installation documents for a Data Registry may be given in the Data Registry Requirements Manual.
Nonresidential Certificate of Installation document registration is contingent upon the approval of nonresidential Data Registries.
Procedures for submittal of Nonresidential Certificate of Installation data shall conform to the requirements in Section JA7.7.1. Detailed guidance for the functional and technical elements necessary for registration of Nonresidential Certificate of Installation documents for a Data Registry may be given in the Data Registry Requirements Manual.
Certificate of Verification documents are always registered documents.
Procedures for submittal of Certificate of Verification shall conform to the requirements in Section JA7.7.1. Detailed guidance for the required functional and technical elements necessary for registration of Certificate of Verification documents for a Data Registry may be given in the Data Registry Requirements Manual.
Group number is an ECC Provider-designated identification number unique to the sample group to which a dwelling has been assigned. The group numbers assigned to residential compliance documents by the Data Registry at the conclusion of the registration process shall use the standardized numbering convention published in the Data Registry Requirements Manual approved by the Energy Commission. The group number shall be reported on all Certificate of Verification documents that utilize group sampling for compliance. Guidance for the layout, configuration, and application of the approved residential group numbering convention shall be maintained in the Data Registry Requirements Manual.
Certificate Acceptance document registration is contingent on the approval of nonresidential Data Registries.
Procedures for submittal of Certificate Acceptance data shall conform to the requirements in Section JA7.7.1. Detailed guidance for the required functional and technical elements necessary for registration of Certificate of Acceptance documents for a Data Registry may be given in the Data Registry Requirements Manual.
This section defines the functional and technical requirements for the use of electronic and digital signatures in the registration of compliance documents. These specifications shall be implemented by a Data Registry as a condition of approval of the Data Registry by the Commission.
- Authorized Users of Data Registries who must sign Compliance Documents either as the Documentation Author, or Field Technician, or as the Registration Signer (responsible person).
- Registration Providers who must implement the electronic and digital signature specifications into the Data Registry user interface to provide Electronic Signature capabilities to the Authorized Users of the Data Registry, and must append their digital signature to all registered compliance documents created in their Data Registry.
- Commission Compliance Document Repository which must receive Registered Compliance Documents and Compliance Registration Packages transmitted from the Data Registries and will process the digital signature to validate the sender and the contents.
- Persons or Software Entities who Validate Electronic Documents who may receive electronic copies of registered documents made available by the Data Registries and will process the digital signature to validate the sender and the contents.
- Compliance Software Tools that export Compliance Documents and Compliance Registration Packages for transmittal to the Data Registries that must subsequently be electronically signed and registered in the Data Registry.
The electronic and digital signature requirements of the Data Registry consist of the following major functions:
The Data Registry shall provide electronic signature capability to authorized users.
The Data Registry shall ensure that compliance documents are complete and the data entered conforms to the data validation rules for the applicable document prior to making the documents available for registration signing.
The Data Registry shall provide functionality for authorized users to select, review, and sign compliance documents as a Documentation Author, Field Technician, or Registration Signer.
The Data Registry shall apply the Registration Provider's Digital Signature to compliance documents electronically signed by the registration signer when concluding the document registration procedure in the Data Registry. The Registration Provider's digital signature shall be created by a technology acceptable by the California Secretary of State.
The function of the Registration Provider's digital certificate is to provide verification from an approved certificate authority that the document came from the Registration Provider's Data Registry and to provide automated document verification to persons or agencies that receive electronic submittals of these registered documents.
Additional guidance for use of digital signatures and digital certificates shall be given in the Data Registry Requirements Manual.
The Data Registry, upon completion of the registration procedure, shall immediately and automatically transmit a copy of the completed Registered Compliance Document and Compliance Registration Package to the Commission Compliance Document Repository, which will process the Registration Provider's digital signature to validate the sender and the compliance document contents.
Additional guidance for use of digital certificates for validation of document authenticity shall be given in the Data Registry Requirements Manual.
The Data Registry shall retain a copy of the completed Registered Compliance Document and Compliance Registration Package and make the Registered Compliance Document available for use by authorized users of the registry who may access a copy of the registered document and may subsequently process the Registration Provider's digital signature to verify the sender and the compliance document contents.
The Data Registry shall process the completed Compliance Registration Package from Compliance software tools approved by the Energy Commission for use in the Compliance Document Registration process in accordance with the specifications in Section JA7.7.1.6.
If the Data Registry allows use of External Digital Data Sources (EDDS) as an alternative to keyed- in data input for document registration procedures, the requirements in Section JA7.7.1.2 shall be met.
Additional guidance for receiving and processing output from compliance software and EDDS may be given in the Data Registry Requirements Manual.
There are four categories of users who will participate in the electronic and digital signature functionality:
This is a heterogeneous category composed of ECC Raters, building designers, building contractors, installation contractors, energy consultants, homeowners, and others.
This category consists of each approved Registration Provider.
These users will need to apply decryption processing using the digital certificate to identify the sender and verify the contents of the received Registered Compliance Document and Compliance Registration Package. The Commission Compliance Document Repository is a main user in this category. Also, users who take advantage of digital signature automated verification capabilities to verify the authenticity of Registered Compliance Document and Compliance Registration Package received as electronic submittals from various other participants in the compliance documentation process will be another main user in this category.
Title 24 compliance software tools are the main users in this Category.
The electronic compliance documents exported from the compliance software tools that are approved by the Energy Commission must be formatted to provide a standardized location for the visible aspects of electronic signatures, digital signature appearances, and other aspects of registration information such as registration numbering, and registration date/time stamps.
The Data Registry shall be capable of appending the visible aspects of electronic and digital signatures and other required registration information to the correct locations in the signature blocks and footers on the imported compliance documents during the subsequent electronic signature and registration procedures.
The Data Registry shall implement the capability to append the visible aspects of the required document registration information to the signature blocks and footers on compliance documents in these locations.
Detailed guidance for appending the required document registration information may be described in the Data Registry Requirements Manual.
The digital signature technology including the hash algorithm and asymmetric key encryption used shall be consistent across all Data Registries because the Commission Compliance Document Repository will not support multiple approaches.
Detailed guidance for use of digital signature technology and digital certificates shall be given in the Data Registry Requirements manual.
All Data Registries shall utilize the same informational content, graphical layout and formatting unique to the applicable type of compliance document when displaying the completed compliance documents for review and signing as part of the registration process. These document layouts shall conform to the informational content, graphical layout and formatting approved by the Commission. Additional detailed guidance regarding informational content, graphical layout and formatting will be presented in the Data Registry Requirements Manual.
The Data Registry shall provide electronic signature capability to authorized users who have the role of Documentation Author, Field Technician, or Registration Signer. A Field Technician Signature is required only on registered Certificate of Acceptance Documentation. A Certificate of Acceptance document requires that there be both a Documentation Author signature and a Field Technician signature prior to registration signing. The Data Registry shall not register a Certificate of Acceptance document that has been recorded (or is expected to be recorded) by an Acceptance Test Technician Certification Provider.
The Data Registry shall check that compliance documents are complete and shall perform the required data validation for the document before making them available for signing and/or registering. Data must be validated with an XML schema approved by the Commission. Additional guidance for the data validation for each document shall be provided in the Data Registry Requirements Manual.
Any applicable error messages shall be posted indicating the actions necessary as prerequisite to completion of the registration process.
The Data Registry shall provide functionality for authorized users to select, review and sign compliance documents as a documentation author, field technician, or registration signer.
The Data Registry shall apply the Registration Provider digital signature to compliance documents electronically signed by the registration signer.
The Registration Provider shall ensure that PDF reader freeware can verify the digital signature of the registered PDF documents. The Registration Provider shall make available a procedure that allows users to securely acquire the digital certificate issued by the Data Registry's approved certificate authority. The procedure may add the certificate to the user's local root certificate store if necessary.
“Digitally signed by [Data Registry Provider’s name]. This digital signature is provided in order to secure the content of this registered document, and in no way implies Registration Provider responsibility for the accuracy of the information".
Other information such as graphic(s), watermark(s), date, or time stamps are not required for the digital signature appearance.
The Data Registry, upon completion of the registration procedure, shall immediately and automatically transmit a copy of the completed Registered Compliance Document and Compliance Registration Package to the Commission Compliance Document Repository which will process the Registration Provider's digital signature using the Registration Provider's digital certificate to verify the sender and the compliance document contents.
The Registration Provider shall retain a copy of the completed Registered Compliance Document and Compliance Registration Package. The Registration Provider shall make the Registered Compliance Document available for use by authorized users of the registry who may print a hard copy, or access an electronic copy of the registered document and may subsequently process the Registration Provider's digital signature using their digital certificate to verify the sender and the compliance document contents.
The Data Registry shall process the Compliance Registration Package transmitted from Title 24, Part 6 performance compliance software tools approved by the Energy Commission, and shall process transmittals from external digital data sources described in Section JA7.7.1.2 when approved in accordance with the requirements in Section JA7.8 for use in compliance document registration processes.
There may be alternate means by which Compliance Software tools or other external digital data sources communicate with Data Registries, such as by data streaming. Use of such alternate means shall not be allowed unless approved by the Energy Commission.
Compliance documents required by the Administrative Regulations (Title 24, Part 1, §10-103) shall be based on standardized data structures that define their informational content and graphical layout. These data structures shall be represented using the XML data exchange standard developed by the World Wide Web Consortium. The XML data that represents the information entered by users and subsequently displayed in information fields on compliance document images shall be validated against an XML schema that is published in the Data Registry Requirements Manual that is approved by the Energy Commission. The XML schema(s) shall standardize the organization of the data, the terminology, and the data types, thus support data integrity and provide built-in data validation. All electronic data transmittals used for producing compliance documents in Data Registries shall be based on XML technology.
The compliance document images rendered from XML data submitted to the Data Registry shall be consistent with the informational content, graphical layout, and graphical formatting for the compliance documents approved by the Energy Commission.
Detailed Guidance for use of the data definitions defined in the XML schema, and the data formats used to render each of the registered compliance documents shall be provided in the Data Registry Requirements Manual. Consideration shall be given to use of two complimentary XML technologies, Extensible Stylesheet Language Transformation (XSLT) and Extensible Stylesheet Language Formatting Objects (XSL-FO) which shall work directly with the data in the Compliance Data Exchange File to transform the data into the required graphical layout and formatting for the completed compliance document image.
Data registries shall provide web-based services to authorized users to enable user data exchange in accordance with JA7.7.1.
Data exchange transactions with a Data Registry for document registration procedures shall utilize keyed-in data entry as described in Section JA7.7.1.1; output from approved Title 24, Part 6 Performance Compliance Software as described in Section JA7.7.1.6; or data exchange from an external digital data source as described in Section JA7.7.1.2 that has been approved by the Energy Commission in accordance with applicable requirements specified in Section JA7.8.
Data exchange utilizing software tools/technology or external digital data sources (EDDS) that have not been approved by the Energy Commission shall not be used for the document registration processes required by Title 24, Part 6.
Data Registries shall have the capability to receive data entry from an authorized user's personal computing device when the authorized user has logged-on to the Data Registry web service using the personal computing device.
As an alternative to the data entry described in JA7.7.1.1, digital data sources external to a Data Registry may be used by an authorized user of a Data Registry for transmitting information to a Data Registry during document registration procedures. External Digital Data Sources (EDDS) shall be approved by the Energy Commission in accordance with the applicable requirements specified in Sections JA7.8.
The data uploads to an EDDS, and the data exchange between a Data Registry and an EDDS, including data upload and data exchange that is facilitated by an API, shall conform to the following:
(a) The data exchange from an EDDS to a Data Registry shall be initiated only by an authorized user of the Data Registry; only while the user is logged into his Title 24, Part 6 Data Registry user account; and only by use of a data exchange feature managed and made available to the user by the Data Registry user interface.
(b) The data exchange from an EDDS to a Data Registry shall not be an unattended automatic electronic data exchange transaction.
(c) The Registration Provider shall ensure the authorized user has the opportunity to review and revise the information transmitted to the data registry by use of an EDDS prior to making electronic signature controls available to the user.
(d) The Registration Provider shall be responsible for managing the security and integrity of the data exchange with the EDDS.
(e) The Registration Provider shall ensure that user data uploads to the EDDS, and subsequent storage and maintenance of compliance data in the EDDS are done using best practices for secure data exchange and secure data storage.
(f) The Registration Provider shall ensure that the data exchange processes that import data into the Data Registry from the EDDS are performed using best practices for secure data exchange.
(g) The user's compliance data may be uploaded automatically to an EDDS datastore, such as by network-connected diagnostic field verification instruments, or it may be keyed in by the user using an EDDS services software user interface.
(h) The data transmitted from an EDDS to a Data Registry shall conform to the XML schema for each respective Title 24, Part 6 compliance document for which the data is to be used. All data provided to complete compliance documents shall be subjected to data validation by the Data Registry software after the data is transmitted to the Data Registry.
(i) The current compliance document schemas approved by the Energy Commission shall be made available to the EDDS services providers as needed in order to clarify the Title 24 Part 6 compliance document data requirements.
(j) Examples and additional guidance for how to comply with Joint Appendix JA7 regarding interfacing with and managing EDDS technical features are included in the Data Registry Requirements Manual.
EDDS types may include but are not limited to:
-
Diagnostic instrument manufacturer services that incorporate wireless or web-based data logging capabilities into their products, capture and store relevant information from field diagnostic testing procedures, and provide digital access to the stored data to the diagnostic tool owners and other parties to the field verification procedure.
-
Third party quality control program (TPQCP) services that verify the work of participating installers, collect and evaluate more detailed data than necessary for compliance, identify in real-time during the installation invalid and inaccurate installer testing and noncompliant installations, and enable corrected testing with the goal of bringing installations into compliance before the installer leaves the job site. TPQCP descriptions and requirements are specified in Appendix RA2.7.
-
Internet-based datastore services that are administered by an EDDS Provider to who ensures the security and integrity of data input to the datastore service. Authorized users of Title 24, Part 6 Data Registries may elect to use EDDS datastore services for data input, and subsequently transmit the stored data to a Title 24, Part 6 Data Registry while logged- in to the Data Registry during Title 24, Part 6 document registration procedures.
Image files transmitted to a Data Registry that originate from an Energy Commission-managed compliance Report Generator or approved compliance software as part of document registration procedures shall be non-editable "flat" image files in PDF format. Registered Compliance Document images produced by a Data Registry shall be non-editable "flat" image files in PDF format. The PDF image of a Registered Compliance Document shall not be recreated from data when a user subsequently wishes to view a copy of the registered document or download a PDF file copy of the document. Thus, the image shall be generated only once, and stored in the Data Registry as a "non-editable" image file.
Contingent upon approval of a document repository by the Commission, upon conclusion of the registration of a document, the Data Registry shall immediately and automatically export a copy of the Registered Compliance Document and Compliance Registration Package to the Energy Commission Document Repository.
The Compliance Registration Package export shall conform to the specifications for data exchange described in JA7.6 and JA7.7.
Compliance Registration Package exports to the Commission Compliance Document Repository shall contain the Compliance Data Exchange File that includes the XML data representation of the information displayed on the Registered Compliance Document, and the Registration Provider's digitally signed image file that represents the completed Registered Compliance Document.
Detailed guidance for how to comply with requirements in JA7 concerning data and document exports to the document repository are included in the Data Registry Requirements Manual.
Registered document files retained by a Data Registry shall be made available to authorized users of the Data Registry for download for use for electronic submittals. These electronic copies of the registered compliance documents shall have the Registration Provider's digital signature which provides for automatic electronic verification of the authenticity of the document. Refer to Section JA7.5.5 for more information about automatic verification of document authenticity using digital certificates.
The Title 24, Part 6 residential and nonresidential compliance manager-based performance compliance software (compliance software) utilizes digital signing when generating analysis data for submission to the Compliance Report Generator (RG) for creating the Certificate of Compliance. Subsequently, the RG utilizes digital signing of the Certificate of Compliance Registration Package returned to the compliance software user making available the capability for Data Registries to verify the authenticity of the compliance software output and confirm the data has not been tampered with.
Data Registries shall digitally inspect all Certificate of Compliance Registration Packages submitted for registration to ensure both the Certificate of Compliance data and PDF image components of the compliance software output are authentic and have not been tampered with. Data Registries shall ensure that Certificate of Compliance Registration Packages that are not authentic or have been tampered with shall not be used for document registration for demonstrating compliance with Title 24 Part 6.
Detailed guidance for how to comply with requirements in JA7 concerning Data Registry use of the digital signing technologies employed by the compliance software and the RG are included in the Data Registry Requirements Manual.
This section explains the requirements for approval of Data Registries that provide services to authorized users for creating and registering documents required for compliance with Title 24, Part 6.
The Commission shall perform acceptance testing of Data Registries when a Registration Provider submits an application for approval in order to confirm the requirements in Appendix JA7 have been met.
When an application for approval includes use of external digital data sources (EDDS) described in Section JA7.7.1, the Energy Commission shall perform acceptance testing of the EDDS proposed to be used for data input by authorized users of the Data Registry.
Detailed examples and guidance for how to comply with requirements in JA7 concerning acceptance testing and approval procedures for data registries and EDDS are included in the Data Registry Requirements Manual.
JA7.8 is not applicable to approval of compliance software used for the performance compliance method for demonstrating compliance with Part 6.
The approval procedure requires the Registration Provider applicant to perform self-testing of the required document registration capabilities.
When the application for approval includes use of an EDDS, the EDDS services provider and the Registration Provider shall perform self-testing of the data exchange features proposed for approval, and confirm that the data exchange from the EDDS to the Data Registry provides accurate information to all applicable compliance document data fields for each compliance document for which the EDDS is proposed to be used for data input.
The Commission shall subsequently perform acceptance tests to verify that the proposed Data Registry is suitable for use for providing the compliance document registration functionality required by the Standards.
Refer to the Data Registry Requirements Manual for additional guidance on alternative procedures for the Energy Commission staff to perform acceptance testing of the document registration capabilities.
The Registration Provider shall develop a user manual or online help screens that explain how to perform the document registration procedures offered by the Data Registry. The user manual or online help screens shall be reviewed by the Commission for accuracy and ease of use.
A statement from the Registration Provider applicant certifying the reliability and accuracy of the Data Registry when used for registration of Compliance Documents in accordance with the requirements of Standards Section 10-103(a), Appendix JA7. Refer to the Data Registry Requirements Manual for additional guidance.
The template for the Registration Provider Certification Statement document may be published in the Data Registry Requirements Manual, and electronic versions of the Registration Provider Certification Statement template shall be made available to the Registration Provider applicant upon request.
Electronic copies of the results from the Registration Provider's document registration self-tests shall be provided.
Refer to the Data Registry Requirements Manual for additional guidance on performing and reporting self-tests.
A copy of the user manual for the Data Registry shall be provided in an electronic format that can be utilized by word processing software. Help screens from the Data Registry user interface, organized into an electronic document file with a table of contents is an acceptable alternative to the requirement for a user manual.
Username and password information shall be provided to allow access to the Data Registry for Energy Commission staff to perform acceptance testing of Data Registry functionality.
The Registration Provider's digital signature public key shall be made available such that the digital signature on registered documents produced by the Data Registry can be tested.
A working agreement document or contract shall be executed between a Registration Provider and an External Digital Data Source (EDDS) services provider as prerequisite to approval of the EDDS for use for transmittal of data to the Data Registry for Title 24, Part 6 document registration. The agreement shall describe the specifications of any Internet-based EDDS services or EDDS software utilized to store the compliance document data on behalf of authorized users of the Data Registry, including description of any Internet-based data gateway interfaces (such as an API) used for sharing the compliance data with third parties.
Applications for approval of a Data Registry to use EDDS services shall include documentation to disclose the details of the working agreement(s) or contract(s) between the Registration Provider and EDDS services Provider. This documentation shall include descriptions of the parties involved, and the technologies used for the data exchanges between the EDDS and the Data Registry.
A separate agreement is required for each working relationship between a Data Registry and an EDDS. EDDS services providers may be approved to provide services to any number of approved Registration Providers. Registration Providers may be approved for use of any number of EDDS services providers. Where a Registration Provider makes use of an Application Programming Interface (API), each EDDS that the API interfaces with must be approved.
There are two Data Registry approval procedures: full approval as described in Section JA7.8.3.1, and streamlined approval of amendments and revisions as described in Section JA7.8.3.2. Approval of an EDDS services provider shall conform to the requirements of either Section JA7.8.3.1 or Section JA7.8.3.2, as applicable. Refer to the Data Registry Requirements Manual for additional guidance on approval procedures.
Full approval by the Energy Commission shall be required when an applicant Registration Provider has not previously been approved by the Energy Commission.
Full approval by the Energy Commission shall be required whenever major changes are made to a Data Registry's functionality, security, or technology features that necessitate acceptance testing of more than 30% of the compliance document templates used in the applicant's Data Registry library.
Full approval by the Energy Commission shall be required when the Standards are updated (re-approval). When Data Registry re-approval is mandated by the Energy Commission, all Registration Providers shall be notified of the re-approval timetable. Refer to the Data Registry Requirements Manual for additional guidance on the re-approval process.
Full approval shall ensure the Data Registry conforms to all applicable requirements for functionality and security in Appendix JA7 including but not limited to:
- Capability to produce and manage registered documents (JA7.5).
- Electronic signature capability, and manage authorization of users (JA7.6.3.2.1).
- Document data validation (JA7.6.3.2.2).
- Signer review and signature actions (JA7.6.3.2.3).
- Digital signature and digital certificate actions (JA7.6.3.2.4).
- Capability to transmit secured documents and data to the Commission Compliance Document Repository (JA7.6.3.2.5).
- Document retention capability (JA7.6.3.2.6).
- Capability to receive and process electronic data using best practices for secure data exchange, using data sources and procedures approved by the Energy Commission for registering compliance documents (JA7.6.3.2.7; JA7.7).
Amendments and revisions to existing Data Registry software and services for which full approval by the Energy Commission is not required, may be approved by the Executive Director through a streamlined process.
Changes that qualify for streamlined approval include minor changes to the Data Registry document registration procedures, data input specifications and procedures, or registered compliance document output.
Any application for amendment or revision to existing Data Registry software and services shall be accompanied by a cover letter explaining the type of amendment or revision requested, and copies of any applicable documents that are necessary to fully describe and justify the proposed amendment or revision.
All items on the application checklist in section JA7.8.2 that are applicable to the proposed amendment or revision shall be submitted.
When Data Registry modifications qualify for streamlined approval, the following procedure shall be followed:
- The Registration Provider applicant shall notify the Executive Director in writing to provide a description of the change and the reason for making the change.
- The Registration Provider applicant shall prepare an addendum to the user manual describing the change to the Data Registry if applicable.
- The Executive Director shall respond to the Registration Provider applicant in accordance with the procedures specified in Standards Section 10-110. The Executive Director response to the applicant may:
- Approve the modification;
- Request additional information;
- Refuse to approve the modification;
- Require the Registration Provider to submit results of additional acceptance tests applicable to the modification; or
- Require that the Registration Provider make specific changes to either the User Manual addendum or the Data Registry functionality.
- Subject to approval by the Executive Director, the Registration Provider may make the modified Data Registry available for use for registration of compliance documentation, along with the modified user manual or addendum to the user manual, and shall notify authorized users of the Data Registry when modifications to the Data Registry have been made available.
The Commission may rescind approval of Data Registries through various means as described in this section.
A revision to the functionality of a Data Registry to discontinue a working or contractual relationship between the Data Registry and an External Digital Data Source Provider:
- Shall not be a procedure that initiates deactivation of the Data Registry.
-
All Data Registries are deactivated when the Standards undergo substantial changes, usually occurring with each Standards update. However, the Data Registry shall remain approved to provide document registration for projects that have been permitted under the prior versions of the Standards.
-
Any Data Registry can be deactivated by a letter from the Registration Provider requesting that the Data Registry be deactivated. The deactivation request shall briefly describe the reasons that justify the need for deactivation.
-
The Executive Director may at any time, including upon petition by any party or recommendation by Commission staff, initiate a review of a Data Registry approval according to the steps outlined in Section JA7.8.4.2 below. The intent is to provide a means whereby serious Data Registry errors, violations of JA7, flawed numeric results, or improper registered document output not discovered in the Data Registry approval process can be verified, and a corrective course of action determined. Also, the intent is to provide ample opportunity for the Commission, the Registration Provider, and all interested parties to evaluate any alleged errors in the Data Registry functionality.
A description of the process for challenging a Data Registry or initiating a deactivation procedure follows:
- Any party may request a review of a Data Registry approval by submitting a petition to the Energy Commission's Executive Director. petition shall:
- State the name of the Data Registry that contains the alleged errors or violations of the Registration Provider’s obligations under JA7;
- Identify concisely the nature of the alleged errors or violations of the Registration Provider’s obligations under JA7 in the Data Registry that require review;
- Explain why the alleged errors are serious enough in their effect on document registration compliance to justify a deactivation procedure; and
- Include appropriate data electronically (in a format agreed to by the Executive Director) and/or information sufficient to evaluate the alleged errors or violations of JA7.
- The Executive Director shall make a copy or copies of the petition or Commission Staff’s recommendation report available to the Registration Provider and interested parties within 30 days. Comments from interested parties shall be received within 60 days of the acceptance of the original application.
- Within 75 days of receipt of the petition or recommendation report, the Executive Director may request any additional information needed to evaluate the alleged Data Registry errors or violations of the Registration Provider’s obligations under JA7 from the party who initiated the deactivation review process. If the additional information is incomplete, this procedure will be delayed until the initiating party submits complete information.
- Within 75 days of receipt of the petition or recommendation report, the Executive Director may convene a workshop to gather additional information from the initiating party, the Registration Provider and interested parties. All parties will have 15 days after the workshop to submit additional information regarding the alleged Data Registry errors or alleged violations of the Registration Provider’s obligations under JA7.
- Within 90 days after the Executive Director receives the petition or recommendation report or within 30 days after receipt of complete additional information requested of the initiating party, whichever is later, the Executive Director shall either:
- Determine that the Data Registry need not be deactivated; or
- Submit to the Energy Commission a written recommendation that the Data Registry be deactivated.
- If the Energy Commission approves the Data Registry deactivation, it shall take effect 60 days later. During the first 30 days of the 60 day period, the Executive Director shall send out a Notice to Enforcement Agencies and Interested Parties announcing the deactivation.
All initiating parties have the burden of proof to establish that the review of alleged Data Registry errors should be granted. The deactivation process may be terminated at any time by mutual written consent of the initiating party and the Executive Director.
The Registration Provider may use the 180 to 210-day period outlined here to update the Data Registry, get it re-approved by the Commission, and make available for use by authorized users the revised version of the Data Registry that does not contain the errors or violations initially brought to the attention of the Commission.
Each Registration Provider is required to publish a Data Registry User Manual. This requirement may be met by incorporating help screens into the Data Registry user interface, or making electronic tutorials readily available to users. A printed or electronic version which includes all help screen items or tutorials must be submitted with the application. The Data Registry User Manual shall provide guidance for building permit applicants and enforcement agency officials to enable correct use of the Data Registry, and assists with preparation of registered documentation used for submittals to enforcement agencies and other parties to the construction project.
The Document Registration Manual shall describe the specific Data Registry procedures for completing registered compliance documents. The manual shall provide instructions for preparing the data input and for utilizing the registered documents for submittals. An example of a full set of compliance documents for a building project shall be included.
Data Registry User Manuals shall be written in a clear and concise manner and with an organization and format that will allow users to quickly locate the topic and understand the instructions. Also, Registration Providers shall make electronic copies of their user manual available from their Data Registry website to all building departments in California.
Portions of a Data Registry User Manual that are incorporated as help screens into the Data Registry user interface do need not be published separately; their inclusion into the user interface satisfies the requirements of this subsection.
The following sections describe the information that shall be included in all Data Registry User Manuals. It also presents the required organization for that information.
This section shall discuss the Data Registry capabilities, providing explanation of how to access these capabilities, and the purpose for each of these features.
This section shall cover the basic use of the Data Registries to prepare each of the basic Compliance Document types, and should include a complete summary of all document creation methods or commands necessary to complete the required registered documents.
This section shall contain instruction for completing submittals of completed registered documents to enforcement agencies or other persons who require copies of completed registered documents. Instruction shall be given for all methods of submittal the Data Registry supports, including various methods for submittal of electronic copies of the registered documents, as well as for printing of paper copies.
This section shall include an example of a complete set of compliance documentation for a sample building. The building need not be overly complex, nor need it include every document type possible. The example should, however, include example documentation for all compliance document types that would normally be submitted for typical occupancy types administered by the Data Registry.
When a Data Registry is approved to make available use of EDDS features to authorized users of the Data Registry for data input during document registration procedures, the Data Registry user manual shall include instructions for use of those features. The instructions shall describe use of the Data Registry user interface for EDDS data input procedures. Additionally, if the EDDS services provider has a user interface or software application that the user is expected to access and operate that is independent of the Data Registry user interface, a copy of the EDDS service or software user instructions shall be included in the Data Registry User Manual. If the EDDS service or software user instructions contain proprietary information or intellectual property, the EDDS service or software user instructions do not need to be included in the Data Registry User Manual. However, the EDDS service or software user instructions must be made available to all authorized users that use the EDDS service or software.