When introducing any layer of information and document security you need to mitigate the risk of negatively impacting the day-to-day running of the organisation.
However, electronic signatures (e-signatures), when integrated with content and process systems, provide an opportunity to not only enhance document security, but also speed up many business processes that can be delayed by the need to obtain one or more signatures.
Of course, the use of e-signatures (the act of signing a document electronically whether using keyboard, mouse, signature pad or mobile device) is not new. In fact the regulation that governs them is more than a decade old, such as the E Act 2000 and UETA (Uniform Electronic Transactions Act) in the US and an EU directive.
Until now, e-signatures have been slow to fulfil their real potential. Firstly, there is still a lot of education that needs to be done to demonstrate that e-signatures are far more secure than their wet ink and paper-based counterparts. After all, we have been physically signing documents (whether via a wax stamp, or ink) for hundreds of years and we are creatures of habit.
However, this anxiety does not seem to be shared by generation X and Y that have grown up online. Geography has also had a bearing on the growth of e-signatures, with countries such as Estonia and Latvia leading the way as a part of national e-identity initiatives.
Another factor has been technology. An organisation may have the slickest processes and workflows thanks to their core systems, but at some point it is likely that a signature from an external third-party will be needed for an order, contract or claim to be completed.
Internally they may have been using e-signatures for years, but the system has prohibited them from being able to deal with third parties in the same way, access to the application is necessary.
As a result, a very familiar, frustrating and cumbersome process begins whereby the document is attached to an email and sent. The recipient then opens the attachment, prints it out, signs and then returns the document either via post, fax, or scan and email.
From a security perspective, the problem with this approach is a loss of control over the whereabouts of the document, as it could be printed multiple times, mislaid or lost in transit or stolen. Furthermore, there is no way to validate whether the person who was required to sign the document was indeed the person that took the action.
Imagine if this is a consent form for a medical procedure, a high value order, transaction or claim - the subsequent ramifications could be severe. Also from a business perspective, this process is slow and a delay in a business process typically means an increase in cost, especially if multiple signatures are required.
Today, the latest systems are able to seamlessly integrate e-signature technology (such as AssureSign) wherever they are required within the process, allowing protected documents to be securely signed by the authorised person/s, using a secure HTTP connection and a valid email address.
Now when a document needs signing, an email is securely routed to the intended recipient, but rather than an attachment, a link is embedded within the message that once clicked opens the document, which resides securely on the organisation's controlled and contained portal. Once the recipient signs the document (either dynamically, typed, or in some instances using biometrics) an automatic notification is sent to the person/team overseeing the process.
Crucially, at no stage does the document leave the control of the organisation holding the information and it provides a clear audit trail history, as you can see at what date and time the document was accessed and signed and from which IP address. If the document is challenged you can quickly trace and reconstruct events.
Whenever we think of security we typically think of how we can improve the integrity of our systems and minimise user inconvenience. When it comes to e-signatures heightened security sits hand in glove with improved performance from your core business systems.Shawn Hickey is head of product management at Perceptive Software