Administrative Guidelines for the Use of Electronic Signatures



Similar documents
California Uniform Electronic Transactions Act (UETA)

Title. This chapter may be cited as the "Uniform Electronic Transactions Act." TOC

Montana Code Annotated 2011 Title 30, chapter 18, part 1 Electronic Signatures

PENNSYLVANIA STATUTES TITLE 73. TRADE AND COMMERCE CHAPTER 41. REGULATORY ELECTRONIC TRANSACTIONS CHAPTER 1. PRELIMINARY PROVISIONS

NEW MEXICO STATUTES ANNOTATED CHAPTER 14. RECORDS, LEGAL NOTICES AND OATHS ARTICLE 9A. UNIFORM REAL PROPERTY ELECTRONIC RECORDING ACT

CHAPTER 6. UNIFORM ELECTRONIC TRANSACTIONS ACT

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

AN ACT RELATING TO ELECTRONIC TRANSACTIONS; ENACTING THE UNIFORM ELECTRONIC TRANSACTIONS ACT; ESTABLISHING STANDARDS FOR THE

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

Best Practices Electronic Signature Requirements January 20, 2014

University of Louisiana System

New York State Electronic Signatures and Records Act

APGO GUIDANCE ON DOCUMENT AUTHENTICATION. Table of Contents

Moving Towards an Electronic Real Estate Transaction

NC General Statutes - Chapter 66 Article 40 1

CHAPTER 116. C.12A:12-1 Short title. 1. This act shall be known and may be cited as the "Uniform Electronic Transactions Act."

City of Minneapolis Policy for Enterprise Information Management

U.S. DEPARTMENT OF EDUCATION

Authentication of Documents. Use of Professional Seals

ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. NASD Rules 3010(d) and 3110(c)(1)(C) SEC Rule 17a-4 15 USC 7001 et. seq. (E-SIGN)

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

IC Sec IC may be cited as the Unifonn Electronic Transactions Act. As added by P.L SEC.l.

Authentication of Documents/Use of Professional Stamps

Digital Signatures For Engineering Documents

Issues to Address: The Privacy Concerns of Individuals

AUTHENTICATION STANDARDS FOR THE USE OF ELECTRONIC SIGNATURES IN ELECTRONIC DOCUMENTS JANUARY 8, 2008

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

ELECTRONIC SIGNATURE REQUIREMENTS FOR LENDERS

THE MICHIGAN ELECTRONIC RECORDS STANDARDS

ELECTRONIC SIGNATURES

Electronic Signature, Attestation, and Authorship

1 L.R.O Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS

Electronic Signature Recordkeeping Guidelines

Digital Signature Policy Guidelines. Version 1.1. March Contains corrected links to documents

State of Arizona Policy Authority Office of the Secretary of State

SUBJECT: INFORMATION TECHNOLOGY RESOURCES I. PURPOSE

The Virginia Electronic Notarization Assurance Standard

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

Independent Insurance Agents & Brokers of Louisiana 9818 Bluebonnet Boulevard Baton Rouge, Louisiana

Electronic and Digital Signatures

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE. 15 USC 7001 et. seq. (E-SIGN) and

Electronic Signature: Increasing the Speed and Efficiency of Commercial Transactions

RECORDS COMMISSION[671]

[Brought into force by appointed day notice on 16 th June 2003.]

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT

CERTIFICATION OF ENROLLMENT ENGROSSED SUBSTITUTE SENATE BILL Chapter 72, Laws of th Legislature 2015 Regular Session

Policy for the Acceptable Use of Information Technology Resources

ELECTRONIC DOCUMENTS A Board Interpretative Guideline

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Tell us how much to withdraw from this Account. Write a specific amount or ALL next to each Investment Option.

White Paper. The E-Sign Act. Use and enforceability of identifiers, passwords and personal identification numbers as signatures

Article. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.

Electronic Signature Article

JUDICIARY OF GUAM ELECTRONIC FILING RULES 1

erecording Best Practices for Recorders

NYS BEST PRACTICE GUIDELINE G04-001

REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (2015)

ELECTRONIC TRANSACTIONS ACT 1999 BERMUDA 1999 : 26 ELECTRONIC TRANSACTIONS ACT 1999

COMPUTER MISUSE AND CYBERCRIME ACT

Guidelines for the use of electronic signature

LAWS OF BRUNEI CHAPTER 196 ELECTRONIC TRANSACTIONS ACT

BERMUDA ELECTRONIC TRANSACTIONS ACT : 26

Electronic And Digital Signatures

FRESNO COUNTY EMPLOYEES' RETIREMENT ASSOCIATION INTERNET AND USAGE POLICY

The Electronic Transactions Law Chapter I Title and Definition

Federal Trade Commission Privacy Impact Assessment

Electronic Signature Guidelines

Electronic Records Management Guidelines

Electronic Signatures: A New Opportunity for Growth. May 10, 2005

CHAPTER Committee Substitute for Committee Substitute for Senate Bill No. 494

Transcription:

Administrative Guidelines for the Use of Electronic s I. Introduction II. Scope & Applicability III. Electronic Acceptance & Use IV. E- Approval V. Implementation and Security Procedures VI. Misuse of Abuse of Electronic s or s Appendixes A. Ink to E- Level of Assurance Versus Risk Matrix B. Glossary I. Introduction To potentially increase the efficiency of University business that requires authorization, the University of Alaska System (hereafter the University ) may require that members of the University community to accept and use electronic signatures (e-signatures) as part of an electronic transaction (e-transactions) to conduct business processes that previously required handwritten signatures and approvals on paper documents. It is the intent of this guidance that all internal University business units and processes will accept the use of e-signatures except in rare circumstances that require notarization, are prohibited by law, or when a heightened level of security and /or assurance is required as outlined in Section V. II. Scope & Applicability This administrative guide applies to all units of the University and all members of the University community. Members of the University community include students and employees, prospective students and employees, patients, business partners, and other individuals who are associated with the University. The University may require members of the University community to conduct university transactions electronically and formally acknowledge their agreement to University transactions in which they are parties by affixing an e-signature. III. Electronic Acceptance & Use A. The University accepts e-signatures as legally effective and enforceable consistent with Alaska Statute AS 09.80.010 et seq., the Uniform Electronic s Act (UETA). Under Alaska law, electronic signatures are equivalent to handwritten signatures to signify an agreement wherever applicable. B. Parties external to the University community as described above in Section II; will be strongly encouraged to use e-signatures. Whether the parties agree to conduct a transaction by electronic means is determined from the context and surrounding circumstances, including the parties conduct.

C. E-signatures and the associated data to validate the e-signature are an integral part of a record. Electronically signed documents must follow the same record retention as those using wet signatures. The signature and means to verify it need to be maintained for the full records life cycle. D. The University s right or option to conduct a University transaction on paper or in nonelectronic form shall not affect the University s right, option, or obligation to have documents provided or made available in electronic format. E. The decision to use an e-signature should be weighed against the costs, complexity, and risk identified with the transaction. F. The University provided DocuSign is the preferred and supported e-signature method for the University other systems using electronic verification appear in section V. IV. E- Approval & Initialization It is the intent of this guidance that all university business units and processes will accept the use of e-signatures wherever a wet signature is currently acceptable; however, the University reserves the right to designate specific transactions that are not to be conducted using e- signatures. These exceptions shall be limited to those documents requiring the highest level of security or level 3 Assurance as outlined in section V below or are otherwise prohibited by law. A. For enterprise level transactions the appropriate vice-president in consultation with the Chief Information Technology Officer will determine if a document or process meets the criteria for exception. B. For internal campus-level transactions, the Chancellor or his/her designee will identify those documents that meet the criteria for exception. C. Units will review annually the e-signature exceptions based on risks, security levels, and methodologies. V. Implementation and Security Procedures A. Electronic signatures may be implemented using various methodologies depending on the risk tolerance and level of assurance required for the transaction, and all relevant state, federal, and university policies, regulations, and guidelines. Examples of transaction risks include fraud, integrity, non-repudiation, and financial loss. The quality and security of the electronic signature method shall be commensurate with the risk and needed assurance of the authenticity of the signer (See Appendix A - Ink to E- Level of Assurance Versus Risk Matrix). B. The University shall adopt security procedures for e-signatures that are practical, secure, and balance risk and cost.

C. The security requirements for a University transaction include, but are not limited to, password policies, secure transmission policies, access control policies and other relevant policies and regulations, as well as pertinent federal and state regulations. D. Levels of Security 1. Minimal level of security: a. General information found on a web site b. Any document accepted not requiring a signature is suitable for this level c. Any document whose disclosure that would not have an adverse impact on the University 2. Heightened level of security: a. An internal official business communication b. An internal approval that requires a signature c. Items that could have an adverse effect on the university, assets, or public interest 3. Highest level of security: a. The transaction would initiate an irreparable action b. Any transaction that would require a witnessed signature (notarized) in written form c. Where electronic signatures are prohibited by law E. Levels of Assurance for Authenticity (See Appendix A-Institutional Risk Vs Level of Assurance Diagram) 1. Level 1 assurance of the authenticity. A level 1 assurance of authenticity corresponds to communications or information that do not require a signature or authentication. 2. Level 2 assurance of the authenticity. A level two assurance requires a UA-system single factor authentication against a trustworthy UA-system that provides assurance and reliability of the process. A level two assurance corresponds to a University provisioned e-signature such as DocuSign or an internal system Workflow. An example is the electronic time sheet process that relies on a banner workflow (UA trustworthy reliable process) along with employee and supervisor access to the system. 3. Level 3 Assurance. A level three assurance for authentication corresponds to a verified and witnessed signature in the presence of a notary to document title transfer, deed, or trust. F. Systems Utilizing Electronic Verification System Type of Banner (INB, SSB, & UAOnline) Password/login authentication OnBase Captured signatures and/or records processed via DocuSign Password/login authentication Email Cryptographic signatures and/or DocuSign processed attachments DocuSign Password/login authentication, multi-factor

VI. Misuse or Abuse of Electronic s and s Misuse or abuse of electronic signatures and transactions may violate Board of Regents Policy, University Regulation, and Office of Information Technology policies. Sanctions for misuse or abuse of electronic signatures and transactions may include disciplinary action, up to and including termination of employment for employees and action under applicable Student Codes of Conduct for students, and criminal prosecution under applicable Federal and state laws.

Appendix A Ink to E- Level of Assurance Versus Risk Matrix Levels E-signature or Ink Type of s Risk Level 0 None None All other s Wet Required by Law or Regulation Governing not needed E- Required by Law or Regulation Governing not needed None Level 1 UA Domain E-mail access or not required Unwitnessed ink-signature or not required Standard business practices E-signature not recommended E-signature not required Minorsignificant can be absorbed Level 2 Level 3 Identity requires single factor authentication against a UA system Identity requires multistep or factor authentication Unwitnessed signature Verify with card Witnessed signature/ Notarized There is a need for Emphasizing Seriousness of There is a need to Bind a Party to specific intent Required by both parties (signer and approver) Witnessed Required/ Notarized Recommend E-signature Currently not available at UA Substantial warrants effort to recover loss Major irreparable action or damage

Appendix B - Glossary Authentication Authentication means the process of securely verifying the identity of an individual prior to allowing access to an electronic University service. Authentication ensures that the user who attempts to perform the function of an electronic signature is in fact who they say they are and is authorized to sign. Authorization Authorization means verifying that an authenticated user has permission to access specific electronic University services and/or perform certain operations. Electronic Electronic means a technology that has electrical, digital, magnetic, wireless, optical or electromagnetic capabilities or similar capabilities. Electronic record or e-record Electronic record or e-record means a record of information that is created, generated, sent, communicated, received or stored electronically. Electronic signature or e-signature Electronic signature or e-signature means an electronic sound, symbol or process that is attached to or logically associated with a record and that is executed or adopted with the intent to sign the record. Electronic transaction or e-transaction Electronic transaction or e-transaction means an action or set of actions that is conducted or performed, in whole or in part, electronically or via electronic records. Information Information means data, text, images, sounds, codes, computer programs, software, databases or similar items. Non-Repudiation Non-Repudiation means the inability of either party in a voluntary transaction to reject, disown, or disclaim the validity of that transaction. Record Record means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and that is retrievable in perceivable form made or received by the university that is evidence of its operations, and has value requiring its retention for specific period of time. Recorded information, regardless of medium or characteristics, made or received by the university that is evidence of its operations, and has value requiring its retention for a specific period of time.

[State of Alaska Records Definition AS sect 40.21.150 (6)] Record means any document, paper, book, letter, drawing, map, plat, photo, photographic file, motion picture film, microfilm, microphotograph, exhibit, magnetic or paper tape, punched card, electronic record, or other document of any other material, regardless of physical form or characteristic, developed or received under law or in connection with the transaction of official business and preserved or appropriate for preservation by an agency or a political subdivision, as evidence of the organization, function, policies, decisions, procedures, operations, or other activities of the state or political subdivision or because of the informational value in them; the term does not include library and museum material developed or acquired and preserved solely for reference, historical or exhibitions purposes, extra copies of documents preserved solely for convenience of reference, or stocks of publications and processed documents. Repudiation Repudiation means the willful act of either party in a voluntary transaction to reject, disown, or disclaim the validity of that transaction. Security Procedure Security Procedure means a procedure that is used to verify that an electronic signature, record, or performance is that of a specific person; to determine that the person is authorized to sign the document; and, to detect changes or errors in the information in an electronic record. This includes a procedure that requires the use of algorithms or other codes, identifying words or numbers or encryption, callback or other acknowledgment procedures. means an action or set of actions occurring between two (2) or more persons relating to the conduct of business, commercial, or governmental affairs. Unit Unit means the University organization conducting business by means of an e-signature such as a college, department, auxiliary, or administrative division. University A University means a transaction conducted in support of the University s teaching, service mission, research, or administration missions.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information