Electronic signatures and digital signatures can have a dramatic impact on your organization’s digital transformation initiatives, helping to increase productivity, accelerate sales, strengthen collaboration and simplify a wide range of processes across all departments.
However, to truly leverage e-signatures and digital signatures, you must ensure that your solutions adhere to the most stringent guidelines for security and regulatory compliance. Here are the most important and pertinent questions to ask potential vendors about security.
What options are available to verify signer identities?
First, you want to make sure that the processes used in your solution are compliant with e-signature laws such as the U.S. Electronic Signatures in Global and National Commerce Act (ESIGN Act) and the European Union’s eIDAS Regulation 910/2014 on electronic identification and trust services. The solution should offer availability of both e-signatures and digital signatures, as well as different options for single-factor and multifactor authentication.
For e-signatures to be legal, a signer’s identity must be verified. The first level of authentication should be achieved by sending an email request and private link to a specific person. To strengthen security, you can then use “enhanced authentication,” which adds another step in verifying the identity of the signer.
With a leading solution like Adobe Sign, the signer can choose from a variety of methods, such as IDs, passwords, phone PINs and knowledge-based authentication. You may also be able to leverage a physical ID, such as a driver’s license or passport, and build in processes that require explicit consent to do business electronically.
How are documents managed securely?
To ensure security throughout the signing and verification process, certain steps should be taken, including:
- Each signed document should have its own tamper-proof seal to confirm its integrity.
- Each step in the signature process should be logged, including a timeline as well as the specific form of identification used for each signer or approver.
- Each document should have its own audit trail that is delivered to all parties and securely stored.
What are the security processes for e-signatures and digital signatures?
E-signatures use the authentication methods described above as well as secure processes with an audit trail. Digital signatures follow the same guidelines but add certificate-based digital IDs backed by a trusted certificate authority (CA). In addition, digital signatures demonstrate proof of signing by binding each signature to the document with encryption. With digital signatures, the validation is done through CAs or trust service providers (TSPs).
Digital signatures offer the highest levels of security, using public key infrastructure for encryption, signing and certificate authentication. Digital IDs are used by CAs and TSPs that meet defined requirements.
It is important to ask your vendor about the size and breadth of its CA and TSP ecosystem. You’ll want to work with a vendor that gives you a broad choice of CAs and TSPs to ensure security and compliance with laws and regulations across all industries and geographic locations. You’ll also want to work with providers that support cloud-based digital signatures to enhance your support of mobile and web-based users and applications.
What security controls are included in the solution?
Your vendor should meet the most rigorous security standards and regulations, including ISO 27001, SOC 2 Type 2, the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and SAFE-BioPharma, among others. Adobe Sign goes a step further by employing a set of practices known as Adobe Secure Product Lifecycle. SPLC is a demanding set of several hundred specific security activities that are integrated into multiple stages of the product lifecycle. Among other activities, it includes software development practices, processes and tools.
Within three years, 75% of all IT spending will be on technologies that empower digital transformation, according to IDC.1 E-signatures and digital signatures are a critical factor, growing to a market size of more than $3.4 billion by 2023, according to Research and Markets.2 The opportunity to strengthen security is an important factor in fueling that growth. The research report notes:
“These signatures are helpful in eliminating frauds and thefts in many areas of security. By authentication of signatures of healthcare professionals, paper-based prescriptions can be digitally transferred from the doctor to the hospital's server, and then to the patient's pharmacy, thus inhibiting a person's ability to manipulate or forge the doctor's prescription.”
Are you ready to leverage e-signatures and digital signatures to strengthen security in your digital transformation efforts? Please contact Adobe to get started.
1 “IDC FutureScape: Worldwide IT Industry 2019 Predictions,” IDC, October 2018
2 “Global Digital Signature Market, 2013-2018 and 2023,” Research and Markets, Jan. 14, 2019