8th July 2019
Electronic signatures allow you to sign documents online without having to manually print, sign, scan and return something which, let’s face it, can take up a lot of valuable time and resources.
Automation plays a big role in society and is a vital part of the business world we know today. Not only does it save time, but it also offers more productivity and efficiency to daily tasks and processes.
With that being said, it makes a lot of sense for documentation to be included in the automation conversation. After all, a large chunk of business relies on paperwork. Be it contracts, policies and procedures or audit trails – if you run a company, there’s documentation left, right and centre.
Types of E-Signatures
There are multiple ways in which electronic signatures can be created, including:
- A typewritten name.
- A tick in a checkbox on a website or a simple button click – for example, ‘I agree’.
- A scanned copy of a handwritten signature.
- Data in the electronic form with an advanced level of security.
- A digital signature that is created using Public Key Cryptography and a Certificate Authority.
They can also be categorised into three groups:
- Simple electronic signatures – these include scanned signatures and tickbox plus declarations.
- Advanced electronic signatures – uniquely linked to the signatory, they are capable of identifying the signatory, and are linked to the signed data in such a way that any changes made can be detected.
- Qualified electronic signatures – an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
Electronic signatures are only as secure as the business processes and technology used to create them. High-value transactions need better quality electronic signatures – signatures used for these transactions need to be more securely linked to the owner in order to provide the level of assurance needed and to ensure trust in the underlying system.
Better quality electronic signatures can offer:
- Authentication – linking the signatory to the information.
- Integrity – allowing any changes to the information provided to be detected more easily.
- Non-repudiation – ensuring satisfaction (in a legal sense) about where the electronic signature has come from.
So, we’ve established that electronic signatures mean much less paper and much faster administration for the businesses who use them, but there are still some frequently asked questions which could do with addressing, such as:
- Are electronic signatures recognised by law?
- What sort of regulations are involved?
- How can you verify that an electronic signature comes from the name it’s signed by?
These are all very valid questions to have and it’s important for businesses and the individuals who use e-signatures to understand the laws surrounding them.
Electronic signatures are legally recognised in accordance with the Electronic Communications Act 2000, the Electronic Signatures Regulations 2002 and the eIDAS (electronic identification and trust services) Regulation.
According to the legislation, electronic signatures hold the exact same legal standing as a pen-and-paper signature. However, in order to be recognised, they must be:
- Uniquely linked to the signatory.
- Capable of identifying the signatory.
- Created using methods that the signatory can maintain under their sole control.
The Information Commissioner’s Office (ICO) is the designated supervisory body for chapter III of the eIDAS Regulation and is expected to:
- Take action if necessary in relation to Trust Service Providers if informed that they allegedly do not meet the requirements set out in the eIDAS Regulation. This could mean issuing an enforcement or assessment notice requiring an organisation to take a particular course of action or a fixed monetary penalty of up to £1000.
- Inform other European supervisory bodies and the public about breaches of security or loss of integrity.
- Submit a report to ENISA (European Union Agency for Network and Information Security) on its main activities and any breach notifications on an annual basis.
- Carry out audits on Trust Service Providers where there is a justified reason for doing so.
- Grant, withdraw and renew ‘Qualified’ status to Trust Service Providers.
- Verify the existence and correct application of provisions on termination plans for Qualified Trust Service Providers including how the information will be kept accessible.
Verifying Electronic Signatures
Verifying a signature means checking that the signature is valid and whether any changes have been made to the PDF document since it was signed.
To Verify a Signature
Open a PDF document containing a digital signature.
Right-click a signature on the page and then select Verify Signature from the shortcut menu. The Validation Status information box shows the results.
Click Properties for more information about the signature. If the Validity Status is Unknown, you will have to verify the signature by contacting the signer. Click Verify Identity to see if the user has entered contact information. If so, you can confirm the signature’s origin by matching certificate numbers. If there is no contact information for a known signer, use alternate means to verify the signature.
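The "changes since it was signed" part of this check rests on the signature's /ByteRange entry, which lists the byte spans of the file that the signature hash covers. The following is an added example, not part of the original article or of any PDF product: the function names are hypothetical, the sample bytes are constructed, and it only inspects coverage and recomputes the digest (it does not verify the signer's certificate or the cryptographic signature itself).

```python
import hashlib
import re

# /ByteRange [off1 len1 off2 len2] names the two byte spans the signature hash covers.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> dict:
    """Report what the first signature's /ByteRange covers (hypothetical helper)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange found: document is not signed")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    end = off2 + len2
    if off1 != 0 or len1 > off2 or end > len(pdf):
        raise ValueError("malformed /ByteRange")
    gap = pdf[len1:off2]  # the one unsigned hole; it should hold only the signature blob
    signed = pdf[:len1] + pdf[off2:end]
    return {
        # SHA-256 is an assumption; a real validator uses the algorithm named in the signature.
        "digest": hashlib.sha256(signed).hexdigest(),
        "gap_is_hex_string": re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None,
        "covers_whole_file": end == len(pdf),
        "unsigned_trailing_bytes": len(pdf) - end,
    }

def build_sample() -> bytes:
    """Constructed PDF-like bytes with a dummy signature value (not a renderable PDF)."""
    prefix = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig "
    field = b"/ByteRange [0 %010d %010d %010d] /Contents "  # fixed-width numbers
    contents = b"<" + b"00" * 16 + b">"  # stands in for the hex-encoded signature
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(prefix) + len(field % (0, 0, 0))
    off2 = len1 + len(contents)
    return prefix + field % (len1, off2, len(tail)) + contents + tail

if __name__ == "__main__":
    original = build_sample()
    # Constructed change: an object appended after signing, outside the signed spans.
    appended = original + b"\n2 0 obj\n<< /Note (added later) >>\nendobj\n%%EOF\n"
    for name, doc in (("as signed", original), ("appended to", appended)):
        print(name, signature_coverage(doc))
```

Content appended after signing leaves the digest of the signed spans unchanged, so a validator has to report coverage separately from hash validity; an edit inside the signed spans changes the digest instead.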
To Verify a Time Stamp Certificate
Right-click a signature and select Verify Signature from the shortcut menu.
In the Validation Status dialog box, click Properties.
In the Signature Properties dialog box, click the Date/Time tab to view the time stamp authority. Then click the Show Certificate button in the General pane if the signer time-stamped from a third-party authority.
If the time stamp authority’s certificate is not trusted, click Add To Trusted Identities. If the time stamp authority’s certificate is not listed, you will have to request it from the signer.
It’s also possible to set your electronic signature preferences.
These can be set from File > Options > Security by clicking Signature Preferences and moving through the tabs: Verification, Creation and Windows Integration.
Under Verification, specify a default verification method and choose which method should be used to verify signatures: this default method or the method specified in the document. In the latter case, choose how to proceed if no method is specified – be prompted or use the default. Choose which time to use for verification: current time, signature creation time, or a time embedded in the signature (for example a timestamp).
Under Creation, define a method to be used when documents are signed and encrypted. Choose which information categories should be available.
Under Windows Integration, specify whether you want trusted identities stored in the Windows Certificate Store to be accepted when validating signatures and certified documents. If you want to decide on a case-by-case basis, you should not enable these options.
The Bottom Line
When all is said and done, electronic signatures are a fantastic way to minimise (or even completely eradicate) the need for physical paperwork, creating a more effective and time-efficient working environment. They allow you to avoid the old-fashioned print-sign-scan-send routine and even ramp up document security.
Clarisse works as the Lead of our Customer Support Team to provide all of our customers with the very best care and guidance when using their HR software.