SILANIS TECHNOLOGY INC. Tommy Petrogiannis President esignature Requirements Gathering Silanis Technology Inc., 2006 Silanis grants to BFMA the right to use and distribute this material. Symposium 06 Speaker Paper Session 44 Date: January 2006
DETERMINING YOUR REQUIREMENTS The importance of properly understanding your requirements prior to evaluating an esignature solution cannot be overestimated. Detailed requirements will provide you with a blueprint for the right solution, facilitate the evaluation and selection process, and enhance your bargaining position with vendors. There are three areas from which you will gather requirements: Business Process Compliance IT COMPLIANCE REQUIREMENTS Requirements gathering starts at the compliance level. All other requirements will be driven by these needs. Business processes are governed either by legislation, regulations, standards, or internal business policy. LEGISLATION ESIGN, UETA, GPEA, HIPAA. REGULATIONS & GUIDELINES FDA, FAA, FFIEC, FTC. POLICIES & STANDARDS OMB, MISMO, ACORD, NIST. Some legislation such as ESIGN and UETA are enabling laws that establish the legal equivalency of electronic records and signatures to their paper-based counterparts. Other legislation and regulations may govern a specific process that is targeted for automation and therefore will indirectly dictate compliance requirements. State regulations on disclosure delivery or authentication standards set out by the US PATRIOT Act are just a couple examples of indirect compliance requirements. The requirements outlined in these laws and regulations are intentionally technology neutral. Mapping legal requirements to the right technical solution can be challenging and organizations often rely on
subject matter experts such as solution providers, lawyers, and consultants to ensure a fully compliant solution. Compliance requirements will differ depending on the process to be automated however the following list outlines some of the common esigning features recommended to ensure compliance: Uniform capture of intent Provides secure document and user authentication Creates secure audit trails of entire process Evidence permanently stored in a single erecord Accurate presentation and review of documents esignature applied to what is displayed Electronic records are made available to all parties Electron8ic records can be accurately reproduced Provide legal control of authoritative copies (applicable to negotiable instruments) BUSINESS REQUIREMENTS After your compliance requirements are outlined, you will be ready to begin gathering your business requirements. Start by creating a detailed workflow of the current paper-based process and the future process with electronic signatures. Creating this before and after picture will help expose many of your business requirements and will also quickly highlight direct cost and time savings which will be the basis for your benefits calculation. Consider all the following phases of your process (outlined in the figure below) when creating the workflow: LAWS, REGULATIONS, STANDARDS, POLICIES Content Forms Document Production & Editing Enterprise Business Applications Signing Authentication Review Delivery Presentation Routing Digital Copy evault EXECUTION TRANSMISSION CONTROL RELIABLE, AUDITABLE BUSINESS RECORDS Content Storage Document Processing & Archival Enterprise Data Processing
Below is an example of a Before and After comparison of a New Customer Application process:
As with compliance, business requirements will differ depending on the process to be automated however the following list outlines some of the common esigning features recommended to ensure compliance: Support for multiple document formats Customizable process for signing, transmission, control, storage Support for multiple methods of signature capture Support for various methods of user authentication Multiple signature and sectional processes Co-exists with paper process requirements E-delivery, distribution and notices of documents Easy to Use IT REQUIREMENTS Technology requirements are driven by the business and compliance requirements outlined above. Document or data format will be dictated by the process workflow and other requirements. For example, Microsoft Word is an ideal fit for internal, ad hoc processes while PDF better addresses the presentment and distribution requirements of web-based, consumer processes. Integration requirements will be partially determined by the chosen document format. The need to share approval process data with other systems may be required if for example the completion of the approval process initiates another process such as invoicing upon the execution of a sales contract. Finally, consider the ability of an electronic signature solution to meet the needs of the enterprise, not simply the initial process target(s). Electronic signatures are an enterprise technology and should therefore be flexible enough to support the wide range of processes throughout an organization. To ensure your esignature implementation grows with your organization s needs over time, look for the following: Scales easily across business applications, users, volumes Support for desktop, web and server-based applications Integrates with desktop and/or enterprise applications Support for industry and technology standards