3.35 Electronic Signature (e-sign) Policy and Procedure

Policy

POLICY 

Clover Park Technical College (CPTC) recognizes the use of electronic signatures can reduce costs, simplify transactions, and speed up transaction time. Chapter 1.80 RCW authorizes state agencies to utilize electronic signatures in the conduct of governmental affairs and other transactions. The Vice President for Finance & Administration has been delegated all signing authority on behalf of CPTC.

This policy and its procedures apply to all CPTC employees participating in the approval, selection, acquisition, and implementation of an electronic signature solution.

Background

Clover Park Technical College (CPTC) intends to promote electronic transactions and remove barriers that might prevent electronic transactions throughout the college. Changes to Washington law make it clear that organizations are allowed and encouraged to use and accept electronic signatures to authenticate electronic transactions. Unless otherwise specified by law, electronic signatures have the same force and effect as that of a handwritten signature.

State agencies must meet the following requirements in order to use and accept electronic signatures or electronic submissions:

State agencies are required to put in place by policy or rule, the methods and process for using or accepting electronic submissions or electronic signatures.

Electronic records and signatures must be consistent with policy, standards and guidelines laid out by Washington UETA Senate Bill 6028.

To the fullest extent allowed by law, CPTC encourages electronic transactions and recognizes electronic records and signatures. The use and acceptance of electronic signatures and electronic submissions/records shall be consistent with the guidance and requirements put in place by WATECH.
 

The Vice President of Finance and Administration (VPFA) in consultation with the Executive Director of IT Services shall approve specific methods and processes for electronic signatures and submissions. These approval authorities may be delegated at the discretion of the VPFA.
 

The approval of solutions shall be coordinated through the IT Services department. The VPFA shall determine a suitable review and approval process to be used when determining which solution(s) are suitable for a particular type of record or transaction. Where appropriate, a team approach shall be used. Approved solutions shall be listed in the related procedures.

Definitions

Electronic Signature

An electronic signature is a sound, symbol, or process attached or associated with an electronic record and executed or adopted by a person with the intent to sign the record. The integrity and authenticity of a record with an electronic signature needs to be preserved over time. Signatures are used when:

• required by law, or
• the significance of a transaction needs to be emphasized, or
• the transaction needs to be bound to a person

In practice, electronic signatures emphasize one or more of the following four parts:

1. the identification and authentication of the signer, or
2. the intent to sign, or
3. the association of the signature to the record, or
4. the authenticity and integrity of the record

Authentication

The assurance that an electronic signature is that of the person purporting to sign a record or otherwise conducting an electronic transaction.

Authorization

When an individual has both verified permission and the requisite authority to sign a record, access specific college services, or perform certain operations, including executing binding agreements.

Electronic Record

A record created, generated, communicated, sent, received, or stored by electronic means.

Nonrepudiation

Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Record Integrity

Integrity refers to the assurance that a record is preserved without any alteration that would impair its use as an authentic record. Both accuracy and the completeness of the electronic record must be preserved.

Click Through or Click Wrap

In this type of electronic signature, a signer is asked to affirm his or her intent or agreement by checking a box or clicking a button. The Click Through/Click Wrap approach is commonly used for low risk, low value consumer transactions.

Password or Personal Identification Number (PIN)

When using a password or PIN for an e-signature, a person is required to enter identifying information, which may include an identification number, the person's name and a "shared secret" such as a PIN or password. A password/PIN is more secure than the click through/click wrap method.

Digitized Signature

A digitized signature is a graphical image of a handwritten signature. This approach may use specialized hardware or software for additional security. A digitized signature is more secure than the password/PIN method.

Digital Signatures

A "digital signature" is created when the signer uses a private signing key to create a unique mark (called a "signed hash") on an electronic document. The recipient of the document uses the signer's public key to validate the authenticity of the private key and to verify that the document was not altered after signing. A digital signature is more secure than the digitized signature method.

Hybrid Approaches

Hybrid electronic signature solutions are available by combining techniques from various approaches to provide increased security, authentication, record integrity and non-repudiation.

An electronic signature used that is not authorized per the requirements of this policy or any administrative procedure developed pursuant to this policy or is used outside of the limits imposed therein may be considered invalid by Clover Park Technical College.

Resources:

Uniform Electronic Transactions Act (UETA)

Senate Bill 6028

WaTech Electronic Signature Guidelines #SEC-11-01-G