This policy is designed to provide reasonable assurance for the integrity, authenticity, and nonrepudiation of electronic documents when electronic signatures and submissions are used and accepted; and to promote the use of electronic signatures and submissions throughout Lower Columbia College (LCC).
This policy and its procedures apply to all LCC employees participating in the approval, selection, acquisition, and implementation of an electronic signature solution.
The use of electronic records and electronic signatures can significantly reduce costs, simplify transactions and speed up transaction time. Lower Columbia College (LCC) intends to promote electronic transactions and remove barriers that might prevent electronic transactions throughout the college. Changes to Washington law make it clear that organizations are allowed and encouraged to use and accept electronic signatures to authenticate electronic transactions. Unless otherwise specified by law, electronic signatures have the same force and effect as that of a handwritten signature.
State agencies must meet the following requirements in order to use and accept electronic signatures or electronic submissions:
State agencies are required to put in place by policy or rule, the methods and process for using or accepting electronic submissions or electronic signatures.
Electronic records and signatures must be consistent with policy, standards and guidelines provided by the state's chief information officer.
To the fullest extent allowed by law, Lower Columbia College (LCC) encourages electronic transactions and recognizes electronic records and signatures. The use and acceptance of electronic signatures and electronic submissions/records shall be consistent with the guidance and requirements put in place by the Office of the Chief Information Officer (OCIO), if any.
The Vice President of Administrative Services in consultation with the Director of IT Services and the Finance Director shall approve specific methods and processes for electronic signatures and submissions. These approval authorities may be delegated at the discretion of the VP of Administrative Services.
The approval of solutions shall be coordinated through the IT Services department. The VP of Administrative Services shall determine a suitable review and approval process to be used when determining which solution(s) are suitable for a particular type of record or transaction. Where appropriate, a team approach shall be used.
Approved solutions shall be listed in the related procedures.
An electronic signature is a sound, symbol, or process attached or associated with an electronic record and executed or adopted by a person with the intent to sign the record. The integrity and authenticity of a record with an electronic signatures needs to be preserved over time. Signatures are used when:
In practice, electronic signatures emphasize one or more of the following four parts:
The assurance that an electronic signature is that of the person purporting to sign a record or otherwise conducting an electronic transaction.
When an individual has both verified permission and the requisite authority to sign a record, access specific college services, or perform certain operations, including executing binding agreements.
A record created, generated, communicated, sent, received, or stored by electronic means.
Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
Integrity refers to the assurance that a record is preserved without any alteration that would impair its use as an authentic record. Both accuracy and the completeness of the electronic record must be preserved.
In this type of electronic signature, a signer is asked to affirm his or her intent or agreement by checking a box or clicking a button. The Click Through/Click Wrap approach is commonly used for low risk, low value consumer transactions.
When using a password or PIN for an e-signature, a person is required to enter identifying information, which may include an identification number, the person's name and a "shared secret" such as a PIN or password. A password/PIN is more secure than the click through/click wrap method.
A digitized signature is a graphical image of a handwritten signature. This approach may use specialized hardware or software for additional security. A digitized signature is more secure than the password/PIN method.
A "digital signature" is created when the signer uses a private signing key to create a unique mark (called a "signed hash") on an electronic document. The recipient of the document uses the signer's public key to validate the authenticity of the private key and to verify that the document was not altered after signing. A digital signature is more secure than the digitized signature method.
Hybrid electronic signature solutions are available by combining techniques from various approaches to provide increased security, authentication, record integrity and non-repudiation.
|Procedure 725.1A||Use of Electronic Signatures and Submission Procedures||VP Administration and Director of Information Technology Services|
|Electronic Signatures in Global and National Commerce Act||E-Sign Act|
|Title IV of the Higher Education Act of 1965||Higher Education Act|
|Standards for Electronic Signatures in Electronic Student Loan Transactions||US Dept. of Education|
|Washington DES Laws, Rules, and Policies website|
|Washington OCIO Electronic Signature Guidelines|
|RCA 1.80 Uniform Electronic Transactions Act|