Electronic Signature Guidelines - Washington

Electronic Signature Guidelines

v 1.0, April 2016

Table of Contents

Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 These Guidelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Determining the Need for a Signature . . . . . . . . . . . . . . . . . . . . . . . . . 3 Definitions and Characteristics of an Electronic Signature . . . . . . . . . . . . . 4 Required Electronic Signature Components . . . . . . . . . . . . . . . . . . . . . 6 Records Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Business Analysis and Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . 10 Drafting Your Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Submitting Your Policy to the OCIO . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Attachment A: Electronic Signature Procurement Related Resources . . . . .20

Purpose

The following individuals were members of the Electronic Signature Workgroup and participated as subject matter experts throughout the drafting and review of these Guidelines.

Julie Blecha, Secretary of State Scott Bream, Washington Technology Solutions Deborah Carr, Department of Early Learning Cindy Cavanaugh, Department of Licensing Johnna Craig, Office of the State Treasurer Bruce Dempsey, Department of Health James Gayton, Health Care Authority John Ginther, State Board for Community and Technical Colleges Sean Krier, Department of Health Mark Lyon, State Office of the Attorney General Roselyn Marcus, Office of Financial Management Troy Niemeyer, State Auditor's Office Wolfgang Opitz, Office of the State Treasurer Meredithe Quinn-Loerts, Department of Social and Health Services Becci Riley, Department of Enterprise Services Ryan Smith, Washington Department of Veterans Affairs Monika Vasil, Department of Social and Health Services Russell Wood, Secretary of State

This document provides Electronic Signature Guidelines for Washington state agencies to:

1. Help agencies determine if, and to what extent, their agency will implement and rely on electronic records and electronic signatures.

2. Provide agencies with information they can use to establish policy or rule governing their use and acceptance of electronic signatures.

3. Provide direction to agencies for sharing of their policies with the Office of the Chief Information Officer (OCIO) pursuant to state law.

These Electronic Signature Guidelines were developed in partnership with representatives from fourteen Washington state agencies. They are intended to be used to help state agencies best make risk-based decisions regarding electronic signatures and electronic records.

Page 1

Background

The use of electronic records and electronic signatures can significantly reduce costs, simplify transactions, and speed up transaction time. Until recently there has remained some confusion under Washington law about whether state agencies can use electronic signatures to authenticate electronic transactions and what kind of technology is permissible.

The law authorizing state agencies to utilize electronic signatures in the conduct of governmental affairs and other transactions is codified in Chapter 19.360 RCW. It provides that "the legislature, to the extent not already authorized by federal or state law, authorizes electronic dealings for governmental affairs" and "intends to promote electronic transactions and remove barriers that might prevent electronic transactions with governmental entities." 1

Unless otherwise provided by law or agency rule, state agencies may use and accept electronic signatures with the same force and effect as that of a signature affixed by hand.2 Where a "writing" is required by statute, an electronic record may be used, and whenever the term "mail" is used,3 the term includes the use of email or other electronic system, if authorized by an agency rule or policy.4

Each state agency may determine whether and to what extent it will use and rely upon electronic records and electronic signatures. Unless otherwise required by law, a state agency is not required to send or accept electronic records or electronic signatures for an agency transaction.5

However, there may be other state or federal laws that require use of electronic signatures or writings. Each agency will need to conduct its own evaluation of the relevant requirements. Each agency will also need to conduct its own business assessment and risk analysis of agency electronic transactions to determine if electronic signatures are appropriate, and identify the processes and technology necessary.

1

RCW 19.360.010

2

RCW 19.360.020

3

RCW 19.360.040

4

RCW 19.360.050

5

RCW 19.360.020(2)

Page 2

These Guidelines

Determining the Need for a Signature

In accordance with RCW 19.360.020(4), the Washington State Chief Information Officer (CIO), in coordination with state agencies, must establish standards, guidelines, or policies for the electronic submittal and receipt of electronic signatures by state agencies, taking into account reasonable access and reliability for persons participating in governmental affairs and governmental transactions. A state agency's policy or rule on electronic submissions and signatures must be consistent with policies established by the CIO.6

These guidelines satisfy the statutory requirement to provide state agencies with information they may use to implement electronic signatures and engage in electronic transactions as contemplated by Chapter 19.360 RCW.

While these guidelines are being provided by the CIO, state agencies shall be ultimately responsible for determining how and when electronic signatures and electronic records will be used, and agencies shall be responsible for any liability that may result from their use.

6

RCW 19.360.020(4)

Agencies should first determine whether a signature is required or desired. When evaluating whether to use an electronic signature for a particular transaction, it is important to ask two questions:

1. Is it legally required, and/or;

2. Is an electronically signed transaction desirable.

Legal Requirement for a Signature

In many cases, a transaction is governed by a law or regulation that requires the presence of a signature before it will be considered legally effective.

As a first step, agency staff should review law(s) applicable to the transaction and determine if a signature is required. If so, conducting the transaction electronically requires an electronic signature.

Transaction-Based Need for a Signature

If there is no legal requirement for a signature on a particular type of transaction, it is recommended that agency staff undertake a further analysis to evaluate the desirability of incorporating a signature. An electronic signature may be desirable where there is a:

yy Need for Emphasizing the Significance of the Transaction. A signature reinforces the significance of the undertaking. It gives the transaction a formal tone and drives home to the signing party the seriousness of the undertaking. In essence, it performs a cautionary function. It also gives the signing party a signal that they are entering into a legally binding transaction so the party understands the nature and importance of the transaction.

yy Need for Binding a Party to the Transaction. If the transaction involves an intent element (e.g., agreement, approval, acknowledgment, receipt, witnessing, etc.), a signature may be useful to help formally bind a person to that reason for signing and make it more enforceable (e.g., to mitigate

Page 3

Definition and Characteristics of an Electronic Signature

concerns regarding repudiation). Likewise, where there is a risk of fraud, a signature might be useful for enforcing enhanced criminal penalties. Thus, where evidence of a party's intent is important to the transaction, a signature can provide evidence of deliberation and informed consent.

Analysis for determining whether an electronic signature is required or desired for an electronic transaction can be summarized in Table 1.

Table 1

Signature Required by Law or Regulation Governing Transaction

Signature NOT Required by Law or

Regulation

There is a Need for Emphasizing the Significance of the Transaction

There is a Need to Bind a Party to a Specific Intent Transaction

Electronic Signature Required

Electronic Signature Recommended

Electronic Signature Required

Electronic Signature Recommended

All Other Transactions

Electronic Signature Required

Electronic Signature Optional or Not Needed

RCW 19.360.030(2) defines an electronic signature as:

"An electronic sound, symbol, or process, attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the record."

This definition affords the parties to an electronic transaction the greatest possible flexibility in selecting an appropriate electronic signature solution. However, it also sets some parameters on what constitutes an electronic signature.

"An electronic sound, symbol, or process"

A wide range of digital objects may serve as an electronic signature. A digital object is any discrete set of digital data that can be individually selected and manipulated. This can include shapes, pictures, a string of numbers, or characters that appear on a display screen, as well as less tangible software artifacts. These objects can be as simple as a set of keyboarded characters or as sophisticated as an encrypted hash of a document's contents.

A process can also serve as an electronic signature. A process can create an electronic signature when a system used to create a signed e-record associates the recorded events of accessing an application with the content to be signed, thereby creating a virtual record of the signer's actions and intent. Often such signing processes also utilize a password, PIN, or other digital object for authenticating the signer.

"Attached to or logically associated with"

A penned signature becomes part of the paper document and remains with the document during transit and after it is filed. An electronic signature is considered to be "attached to or logically associated with an electronic record" if the electronic signature is linked to the record during creation, transmission and storage.

Page 4

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download