You are here

Guidelines for Development of Electronic Signature Processes

Effective Date/Issuing Authority

Effective Date: October 10, 2012

Issuing Authority: Chief Information Security Officer

Background and Purpose

In 1999, Pennsylvania adopted its Electronic Transactions Act (73 P.S. 2260), a version of the Uniform Electronic Transactions Act (“UETA”), in order to enhance and promote the reliability of electronic commerce. The UETA provides, among other things, that a record or signature “may not be denied legal effect or enforceability solely because it is in electronic form.”

The UETA does not stipulate any specific form or implementation of electronic signatures, instead requiring only that reasonable security procedures be used to authenticate the source of an electronic signature – to attribute it to a particular person. Reasonable security methods may vary depending on the risks associated with a given transaction.

These guidelines cover the proper development and use of electronic signatures. They are not applicable to purely internal University processes already addressed by workflow, TUmarketplace, or other existing applications centrally managed and supported by Computer Services.

Definitions

  1. AUTHENTICATION - To establish an electronic signature as genuine by verifying the identity of the person providing it.
  2. ELECTRONIC RECORD - A record, including a contract, which is created, generated, sent, communicated, received, or stored by electronic means.
  3. ELECTRONIC SIGNATURE - An electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
  4. TRANSACTION - A discrete event between two parties that supports a business or programmatic purpose.

Principles

Temple University supports the development and use of electronic signature processes. In accordance with Pennsylvania law, electronic signatures must be authenticated by reasonable security measures. The following are basic principles for developing, implementing and using an e-signature process:

Note: All requests to develop and use an electronic signature process must be approved by the cognizant Vice President/Provost and submitted to Computer Services/Infrastructure and Information Security and University Counsel for approval prior to implementation.

  • University policies and procedures applicable to contracts must be followed.
  • You must provide any consumer (individual) the option to use a paper signature.
  • Transactions must include an appropriate form of user authentication (e.g., AccessNet username/password, PIN, email verification, or digital certificate) with audit capability.
  • User must perform secondary action, such as clicking “I agree” or provide e-signature via mouse or some other input device.
  • User must input full name below e-signature.
  • Time and date of e-signature must be captured.
  • Along with the e-signature and the “I agree” check box, the typed full name and time and date must be bound to the electronic record in perpetuity.
  • Document must indicate in or on the recordation of the electronic signature that it was electronically signed.
  • After signing, the document must be transmitted in a secure fashion to all parties in a format acceptable by the applicable University record/file/database.; e.g., an appointment letter must be in a format acceptable to “Xtender” for Banner.
  • Additional processes may be required for the electronic record to satisfy notarization requirements and/or transactions being signed under penalty of perjury. These additional requirements must at least perform the same function as traditional notarization.