When you embark on an e-signature project, you’ll have a long list of requirements. The following questions will likely be top of mind: Are the resulting e-signatures legal. Can I easily integrate the solution within my infrastructure? Do I need an on premise, or a cloud solution? These are all important considerations.
Here’s one requirement to add to your list, can the e-signature be validated outside of the e-signature vendor’s environment? The answer should be a resounding “Yes.”
Validating an e-signature’s integrity is critical, now and in the future. The ability to analyze a document and determine whether or not it has been tampered with, makes using e-signing technology arguably more secure than a traditional pen-on-paper process. If you can’t perform that kind of analysis, the solution will eventually lose much of its value.
Before I dive into the importance of standards, let’s step back, and explain the value of e-signing versus a paper process – the key is the ability to confirm the integrity of the document, at any time.
The Paper Process
Applying a wet ink signature onto a piece of paper places a representation of your signature onto that document. There are no mechanisms in place to prevent someone from adding or modifying existing text within the document. The document itself can be easily tampered with after the signing takes place. Even the signature itself can be manually copied and placed at different locations within a document.
The Non-Verifiable E-process
An analogous issue can be inherent in an electronic signing solution, too. Solutions that insert a pure image of your signature into a document – instead of a real standards-based electronic signature – suffer exactly the same disadvantages as the traditional paper-based process described above.
Specifically, the signature can be easily copied, tampered with, and reused and you have no way to detect this has occurred. Obviously, this defeats the purpose and is not desirable. What you need is a solution that is safer and more secure than the traditional paper process.
Optimally, an electronic signing solution should make it obvious the document was tampered with. If you are using e-signatures, but cannot guarantee the integrity of the document, you are missing one of the key benefits and advantages of using e-signing as opposed to wet ink paper signing (besides the obvious efficiency and cost benefits). Although most e-sign solutions guarantee the integrity of their signed documents, many don’t guarantee it in a standards-based manner.
I’ll argue that by relying on such solutions, you run the risk of being left with a database full of non-verifiable documents. This is because you will be dependent on your solution provider for signature validation. So how can we resolve this issue? To me the solution is obvious, the consequent use of standards for the electronic signatures that you place into valuable documents and contracts.
Standardization Protects Documents
The ISO standard will solve your long-term e-sign validation issues. The Portable Document Format (PDF) is specified as a digital form for representing documents in the ISO 32000-1 standard. This format enables users to exchange and view electronic documents easily and reliably. The ISO 32000-1 standard identifies the ways in which an electronic signature, in the form of a digital signature, may be incorporated into a PDF document to validate the integrity of the document’s content. The use of electronic signatures for PDF documents following ISO 32000-1 is specified in “Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles” (ETSI TS 102 778).
Your e-signature solution should supports the ISO 32000-1 standard. As a result, any document e-signed using a handwritten, biometric, or click-to-sign signature, can be validated with any standard, compliant PDF Reader. Not only can your organization validate electronic signatures independently, but your own customers will also appreciate the ability to validate their copy of the e-signed PDF as well.
The use of proprietary software that locks you into one particular vendor is a thing of the past. Demand support for ISO 32000-1 and ensure your e-signed documents can be validated, anytime, without locking you into a solution – or, worst, locking you out of your e-signed documents.
Originally published on http://services.kofax.com/