Digital signatures

Looking for a standard for digital signatures vs electronic signatures. Anyone have something to share?

——————————
Gibson Energy ULC
——————————

With respect to archiving I would suggest signing PDF (choose the version carefully) and long term validity (LTV) enabled signatures so the document shows the validity of the certificate at the moment of signing rather than at the moment of verifying (which may be years later when the signee’s certificate may have been revoked).
This is an important aspect for tool selection as not all tools allow the creation of LTV enabled signatures.
As for all projects, define your requirements first. The business purpose and the scope of a signature has an impact on technology, cost and finally complexity. Dealing with PDF can become terribly complex. Signing them doesn’t make it easier. Good luck!

——————————
Skyguide
——————————

Disagree completely. You need to first determine whether you need an electronic signature or a digital signature, then determine what changes to the process are required, including policy and procedure updates, where appropriate, followed by managing the overall document library that now will contain some electronically signed and some non-electronically signed, which will require updates to how information history is being maintained. For reasons such as these (there are many more), you need to identify your requirements first, THEN decide what type of electronic signature is required.

It doesn’t matter what version of PDF if you are including a digital signature as PDF is standardized, but you would need to decide several things such as whether you will require a TSA, what type of dig sig you will accept (class 1, 2, or 3?), who will maintain the certificates and issue them, whether you will require signature validation upon receipt and that information is then maintained as part of the document history (when received, by whom, who signed, how it is processed, etc.).

Caution should be exercised when trying to select technology before requirement definition at a sufficient level to make the right decision for the organization!

Yup, what Robert said.

 

I’ve had a similar experience and agree with Robert. Here are a few things I would include.

If you have ever done a file plan for records management, the content categorization is fundamentally the same. However, instead of identifying retention and disposition you will be identifying the level of security to be applied, what the triggers are and any other required processes or workflows.

The other thing is, just like we can never expect business users to become records managers, the same is similar for digital signatures. Automate the process so your users can focus on their jobs instead of worrying too much about digital signatures.

If you have any questions, please don’t hesitate to ask!

Microsoft SharePoint MVP (2006-2010)
——————————

If you are considering (non-digital) electronic signatures, these are generally held as data in the system holding the document, rather than with the document itself. A digital signature becomes part of the document and can be ‘upgraded’ with the document. If you use a simple electronic signature that is separate from the document (e.g. electronic signatures in some EDMS systems using a username, password and meaning), then consideration needs to be made for long term archiving.
What happens if the system has a major upgrade impacting the signature data or the system is replaced with another system?

How do you pass the document to another organization (or system) with the electronic signature data? This can be a significant difference between an ‘electronic signature’ and a ‘digital signature’.
Take care, Don

——————————
Acuta LLC
——————————

Thank you everyone, this information is all helpful! What a great community!

——————————
Gibson Energy ULC
——————————
