Implementing Digital Signatures

Every business wants to be paperless. We spend an exceptional amount of time and money to get to that point where our forms and files are all generated and stored electronically then we print out a contract or other document that needs signed and suddenly we have paper again. Paper that needs to be scanned and filed both electronically and in a paper file. Sometimes even multiple copies of the signed document are made, further increasing the paper that has to be filed and maintained. This entirely defeats the benefits of “going digital.” When thinking about your paperless process it is important to also consider what processes might force a document to go from digital to physical. Signing documents is one of those processes. With a little planning you can implement digital signatures across your entire organization for internal documents as well as for agreements with clients and other 3rd parties with whom you do business.

Let’s look at an internal document for example such as an expense report that needs to be signed by both the employee and someone authorized to approve the expenses. The simplest way I can think of to sign this document would be to just insert an image of your signature and place it over the line saved for your signature if you had printed the report. This method also works well for letters and email signatures. What about for more important documents like a contract for example? Digital signatures created using a digital certificate add a number of features that ensure the security and integrity of a document. PDF documents are in my opinion the best type of document for this type of signature; however, Microsoft documents all support digital certificate signing. Here is how signing works with a PDF. Your chosen PDF reader has a tool for creating a digital signature also sometimes called a digital ID. There are a few steps involved that include selecting the digital certificate you want to use, adding text, and/or an image to your signature. Once your digital signature is created you can use it to sign almost any PDF document. After you sign the document the document is secured. Information about the certificate and how it can be verified are stored inside the document as well as when the signature was attached. From this point forward if there are any changes to the document the signature becomes invalidated and informs anyone who opens the file of that fact. PDF documents support multiple signatures without invalidating the other signatures on the document.

I mentioned a digital certificate. A digital certificate is a file that is stored on your computer or mobile device that uses a public and private key to encrypt data and verify the validity of the certificate. You can create self-signed certificates for testing using applications downloaded from the internet. Windows even has a server role you can install to set up your own certificate authority for creating these digital certificates. I recommend however that if you need a digital certificate you go to a company like VeriSign, Symantec, or Comodo and purchase one. When you purchase a certificate from one of these providers you go through a verification process to ensure that you are…well…you. This also provides a level of security for other parties to the contract who want to make sure you are the one signing.

While setting up your own digital identity and obtaining your own personal digital certificate is a great way to sign and secure documents, I highly recommend you set this up. Requiring that your clients get digital signatures might however provide a barrier to them doing business with you digitally. Happily, there is a solution — as a matter of fact there are multiple solutions in the form of cloud services that simplify the process for all parties involved. My personal favorite is DocuSign, but there are at least a dozen others from which to choose. With these services you just upload your document and set it up for digital signatures using their web interface. Then the service sends links to all parties involved who need to sign the document. Once everyone has signed another link is sent to allow everyone to download the fully signed and executed documents for their records. But that’s not all. The document is signed with a digital certificate securing it from future changes. The certificate is given a serial number that links back to DocuSign’s database that provides a complete audit trail of the entire process that can be admitted as evidence in court if the contract is ever disputed. Using a service like this requires no special tools, software, or certificates, removing the barriers to adopting digital signing to almost any signature process.

Electronically captured images of signatures and certificates are not the only way to digitally sign something. A record in a data base that includes some personally identifiable information and a field that attests true to your intent to sign an agreement is also considered a valid digital signature. For example, when you signed up for that iTunes account when you got your first I phone you had to enter information about yourself and click a button or check a check box saying you agreed to their terms of service. Apple recorded that personal information in a database along with a checkmark in a column that says you agreed to their terms of service. You might not have realized it but you signed a digital contract when you agreed to those terms and conditions by just clicking a button.

Digital signatures have been recognized by the federal government for nearly 15 years as valid and have since been proven time and again to hold up in court. It is time to take your business to the next level and begin implementing digital signatures into your paperless workflow so that you can stop printing and filing all that paper.

Leave a Reply