Electronic Signature Policy
1. Introductionβ
This document outlines OpenEdenβs (βOEβ) electronic signature policy. An electronic signature may replace a wet signature or an electronic record may replace a paper document.
OE implements this electronic signature policy to increase the efficiency of operational transactions that previously required wet signatures on paper documents. This policy applies to all forms of electronic signatures and electronic records used to conduct official business. Official business includes, but is not limited to, electronic communications, transactions, procurements, contracts, and other official purposes.
2. Definitionsβ
Approval Authority: for purposes of this policy, means the Executive Director, Assistant Executive Director, or designee.
Approved Electronic Signature Method: one that has been approved in accordance with this policy and applicable state and federal laws, and which specifies the form of the electronic signature, the systems and procedures used with the electronic signature, and the significance of the use of the electronic signature.
Authentication: the process of securely verifying the identity of an individual applying an electronic signature.
Electronic: relates to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
Electronic Record: any record created, used, or stored in a medium other than paper, such as: information processing systems, computer equipment and programs, electronic data interchange, electronic mail, voice mail, text messages, information in mobile devices. To the extent that facsimile, telex, and/or telecopying. And/or former hard copy documents are retained in electronic form, through a scanning process, they are also considered electronic records.
Electronic Signature: an electronic sound, symbol, or process, attached to or logically associated with and executed or adopted by a person with the intent to sign the record. An electronic signature must be attributable (or traceable) to a person who has the intent to sign the record with the use of adequate security and authentication measures that are contained in the method of capturing the electronic transaction (e.g., use of personal identification number or personal log-in identification username and password), and the recipient of the transaction must be able to permanently retain an electronic record of the transaction at the time of receipt.
Electronic Transaction: a transaction conducted or performed, in whole or in part, by electronic means or electronic records.
Record: information that is inscribed in a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form. Financial and other documents or forms are records.
Security Procedure: used to verify that an electronic signature, record, or performance is that of a specific person; to determine that the person is authorized to sign the document; and, to detect changes or errors in the information in an electronic record.
Wet Signature: a document that is physically marked.
3. Policies on Electronic Signature Useβ
To the fullest extent permitted by law, OE accepts electronic signatures as legally binding and equivalent to wet signatures to signify an agreement or intent to enter into a contract.
A. Mutual Agreement by the Parties
This policy applies to transactions between parties each of which agree to conduct transactions by electronic means. Signees may opt out of using electronic signatures.
Opt Out Clause: By signing this document, you are agreeing that you have reviewed the information contained in the record and agree to the terms of the record using electronic communications, to receive notices and disclosures electronically, and to use electronic signatures in lieu of using physical documents. You are not required to receive notices and disclosures or sign documents electronically. If you prefer not to do so, you may request to receive physical copies and withdraw your consent at any time.
B. Required Signature
When OEβs policies or operational practices require that a record has a signature of an authorized person, the requirement is met when the electronic record has associated with it an electronic signature using an approved electronic signature method.
When OEβs policies or operational practices require that a document has a signature of an authorized person, the requirement is met when the electronic record has associated with it an electronic signature using an approved electronic signature method.
4. E-Signature Transaction Approval and Responsibilitiesβ
A. Authorized Person Verification
The signing of a record using an approved electronic signature method does not mean that the record has been signed by a person authorized to sign or approve that record. OE implements procedures used to confirm that the person signing the record has the appropriate authority and intent to sign the record.
B. Approval of Electronic Signature Methods by the Approval Authority
The final approval of any electronic signature method will be by the approval authority. In determining whether to approve an electronic signature method, consideration is given to the systems and procedures associated with using that electronic signature, and whether the use of the electronic signature is at least as reliable as the existing method being used. This determination is made by the approval authority through the selection of a sufficient electronic signature service and reviewing all electronic signatures.
In the event that it is determined that a previously approved electronic signature method is no longer trustworthy, the approval authority will revoke the approval of that electronic signature method.
5. Implementation and Security Proceduresβ
The following requirements pertain to approved electronic signature methods:
Specific transactions that may be conducted by electronic means must be identified;
The manner and format in which electronic records are created, generated, sent, communicated, received, and stored, and the systems established for those purposes must be specified
The method complies with any law or regulation that requires electronic records which must be signed by electronic means;
Specify the type of electronic signature required, the manner and format in which the electronic signature must be affixed to the electronic record, and the identity of, or criteria that must be met, by any third party used by a person filing a document to facilitate the process.
Control processes and procedures implemented assure adequate preservation, disposition, integrity, security, confidentiality, and auditability of electronic records;
An inventory of all approved electronic signature methods is maintained; and
Approval of an electronic signature method must be obtained as follows:
An analysis of the nature of the transaction or process to determine the level of protection needed and the level of risk that can be tolerated. The analysis includes:
A review of technological options and follow commercial trends as appropriate;
Identifying and documenting any potential costs, quantifiable and unquantifiable, direct and indirect, in performing a cost/benefit analysis;
Developing a comprehensive plan for converting a traditional process to an electronic one; and
Identifying all information relevant to the process.
Electronic signatures may be implemented using various methodologies depending on the risks associated with the transaction, and all relevant state, federal, and university regulations. Examples of transaction risks include: fraud, non-repudiation, and financial loss. The quality and security of the electronic signature method shall be commensurate with the risk and needed assurance of the authenticity of the signer.
The electronic signature methodology shall be commensurate to the assurances needed for the risks identified. In addition, specifications for recording, documenting, and/or auditing the electronic signature as required for non-repudiation and other legal requirements shall also be determined by the unit.
OE adopts security procedures for electronic signatures, electronic transactions, and electronic records that are practical, secure, and balance risk and cost. It is not the intent of this policy to eliminate all risk, but to provide a process for undertaking appropriate analysis prior to approving the use of electronic signatures, transactions, and records for specific operational practices and to determine if those practices conduct an analysis determining when electronic signatures can replace wet signatures.
The level of security that an electronic signature methodology employs shall adhere to industry best practices and align with state and federal regulations.
6. Violations and Sanctionsβ
Any individual or party that makes inappropriate or illegal use of electronic signatures, transactions and/or records is subject to sanctions up to and including dismissal, suspension, and criminal prosecution.
Last updated