Get Instant Access
to This Blueprint

Data Business Intelligence icon

Adopting e-Signature

A step in your digital transformation.

  • Understanding and adhering to the right laws, e.g. when to use digital signature.
  • Optimizing document processing workflows.
  • Changing the culture from email and paper processing.

Our Advice

Critical Insight

  • E-signature can be an important entry point and model for modernizing your record or contract management operations, touching all hallmarks: automated workflows, governance controls within business units, and engagement by security and compliance teams.
  • E-signature is green, replacing paper-based processes and all their supporting energy-dependent activities such as physical document storage and delivery.
  • E-signature is more secure than paper-based forms of authentication, but participants should be educated about using it securely and should have the option to use an alternative.

Impact and Result

  • Create a detailed plan to ensure you’re positioned to adopt e-signature solutions with optimized processes and policies in place.
  • Ask the right questions to make sure you’re getting the solution you need, for example: Do you need an enterprise solution or feature? Does the solution provide multiple signatures on one document? Does it comply with GDPR?
  • Engage the right subject matter experts to define policies and implement them to adhere to applicable e-signature laws.

Adopting e-Signature Research & Tools

1. Adopting e-Signature Deck – A step-by-step document that walks you through how to properly plan for and implement an electronic signature solution.

Understand the resources and decisions required to introduce electronic signature (e-signature) to authenticate business transactions in a paperless and secure way.

This phased document acts as an introduction to the essential concepts in e-signature process, including laws, technology, security, and change to the digital culture. It includes a set of checklists, references, and worksheets to plan e-signature solution.

Adopting e-Signature – Phases 1-3

2. e-Signature Detailed Requirements Worksheet – A comprehensive checklist of features to refer to in the planning and selection of an e-signature solution.

Use this spreadsheet tool to assess the importance of each option in a detailed list of product features and the availability or performance of vendor products.

It's important to understand what solutions are possible, from adding on an e-signature feature, to an existing tool suite, to an enterprise-wide solution.

e-Signature Detailed Requirements Worksheet

3. e-Signature Policy Sample – An example of an e-signature policy to download and edit as part of the core guidelines for users and stakeholders.

Use this sample policy document to provide clear and formal guidelines to users, stakeholders, and technology support, including governance, responsibilities, purpose, and appropriate use of e-signature services.

e-Signature Policy Sample

Adopting e-Signature A Step in Your Digital Transformation

Insight summary

“E-signature, like other initiatives in the digital transformation, cuts across the organization – it’s deployed across functional teams. Make sure there are clear goals and accountabilities, as well as cross-functional representation.” –Vivek Mehta, Info-Tech Research Group

Overarching insight

With the shift to remote and flexible workforces, many organizations rushed to adopt digital ways of doing business such as e-signature. There are many important decisions to make when setting up an e-signature service for your team. Electronic and digital signatures touch many things and functional areas. By strategically thinking through these questions – both technical and legal – you’ll avoid confusion for users and risk for your organization.

Phase 1 insight

E-signature laws are not prescriptive – they don’t tell you exactly which documents need e-signature and which ones need digital signature or “wet” signature. With the input of business leads, IT, and legal counsel, organizations need to classify critical records and apply rules and processes for how they will be handled.

Phase 2 insight

Moving contracts around in an e-signature workflow means you need to think beyond the e-signature service to your overall records management practice. Where are the signed documents living and coming from? Are they tagged so that audits and workflows can find them?

Phase 3 insight

Consider the user experience when making decisions about e-signature solutions. While some solutions may have appealing up-front costs, they may complicate the experience for signers and end up slowing down business rather than enhancing it.

Tactical insight

Use some tactical small e-signature use cases to begin a strategic path to digital transformation, starting with working with an upcoming transformation project and incorporating a workflow and its documents as part of the changes.

“Across the board, businesses are going digital. They’re transforming customer-facing transactions and the customer experience as a whole by shifting away from paper and toward the adoption of electronic signatures across the enterprise.”

Source: Onespan, 2018.

Executive Summary

Your Challenge

Organizations are expected to offer digital, self-serve experiences. And that includes approving and signing important business contracts. The more quickly and securely you turn around contracts, the more you can build customer trust and more quickly recover revenue. Challenges:

  • Understanding and adhering to the right laws, e.g. when to use digital signature? Which products comply with GDPR?
  • Optimizing contract processing workflows.
  • Changing the culture from email and paper processing.

Common Obstacles

  • Understanding which e-signature regulations apply for certain transactions and instruments, i.e. which ones require physical signatures, digital signatures.
  • Helping users transition from paper or email forms of contract exchange to digital ones.
  • Ensuring your organization has the right solution for their cross-functional needs, e.g. do you need an enterprise e-signature solution or a business solution suite that happens to have e-signature with it?

Info-Tech’s Approach

We interviewed solution providers, legal experts, and digital transformation thought leaders to develop:

  • A detailed plan to ensure you’re positioned to adopt e-signature technology, for example, by having an optimized process and policies in place for the e-signature service.
  • A set of important questions to ask to make sure you’re getting the solution you need, for example, does the signer/partner also need a software license to sign?
  • A guide to the difference between e-signature levels of security, when to use them, and what’s involved.

Info-Tech Insight

E-signature can be an important entry point for modernizing your operations into a digital, self-serve organization. It touches all the hallmarks of a transformed business: automated workflows, governance controls within business units, and engagement by security and compliance teams.

What is e-signature?

E-signature is a catch-all term for paperless ways of signing documents

Digital signature is a special type of e-signature

Electronic signature or e-signature is a generic term for any paperless method used to authorize or approve documents which indicates that a person adopts or agrees to the meaning or content of the document. An electronic identifier, created by computer, attached or affixed to or logically associated with an electronic record, executed or adopted by a person with the intention of using it to have the same force and effect as the use of a manual record. There are special types of e-signatures based on security controls and technology, e.g. digital signatures are the most secure type of e-signature.

Source: NIST, June 2017.

Information lifecycle management

Information lifecycle management should be a comprehensive approach for managing information from creation to disposition. Your information management practice – including records management and supporting capabilities such as workflow and audit trails – are the foundation for e-signature. Where will your contracts come from? Where will the documents and audit trail live – in the e-signature document cloud or your own system?

The image contains a screenshot of Info-Tech's Information Lifecycle Model. The model includes four stages. The first stage is Generate, and it encompasses ideate and create. The second stage is Capture, and encompasses Ingest, index, and store. The third stage is Deliver and Utilize, it includes Retrieve, Update, and Publish. The fourth stage is Manage and Retire, and it includes Retain, Archive, and Destroy.

Although not all steps in the lifecycle are as urgent as others, it is important to understand how your information moves through the various stages. For example, when considering compliance requirements, how the information is managed and retired is of the utmost importance.

"Ingestion is arguably the most complex part of the information lifecycle. This is where most of your time will be spent. Once it is correctly indexed, the rest of the lifecycle should fall into place."

– Naveen Kumar, VP Consulting Services, Info-Tech Research Group

Refer to Info-Tech’s Embrace Information Lifecycle Management in Your ECM Program

Records

Records are a special type of content and require specific capabilities and a records management practice.

Includes paper, email, video conference recordings, attachments.

Records:

  • Any information created or received by an organization to conduct its daily activities.
  • There is a need for the record to be created to fulfill the organization’s business.
  • It must be recorded.
  • Can be generated internally or externally.
  • It’s the content rather than the medium or format that counts.

Non-records:

  • Too often, non-records are kept as part of a records management program.
  • Keeping non-records creates extra costs in staff time for processing and storage space.
  • Examples of non-records: reference materials, publications, brochures, and magazines that are not created by the organization.

What it means for the organization:

  • Retention policy & guidelines
  • Retention schedule
  • Legal counsel involvement
  • Disposition & archive solutions
  • Records Manager role/office
  • Automated workflows
  • Audit trails
  • Records owners
  • Classification scheme
  • Index

If e-signature workflow presents records for signing, then consider where the record and its e-signature audit trail will be stored, how and if the workflow will integrate with the records repository, and how the records management practice will ensure compliance.

Definition of “Record”:

"“Any recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business.” "

Examples of records:

  • Payroll data
  • Health records
  • Contracts, e.g. Purchase, Lease
  • Policies & procedures
  • Income tax
  • Insurance policy information
  • Meeting minutes
  • Bids
  • Patents
  • Consent forms
  • Transcripts

E-signature is an initiative in the digital strategy

The digital target state is achieved through the delivery of digital initiatives and guiding principles (components 3 and 4 below) that achieve your desired outcomes. Your digital vision should be your organization’s vision:

The image contains a screenshot of the Company Digital Strategy on a Page.

The Digital Strategy on a Page consists of four components:

1. Digital vision

A high-level statement of what the organization aspires to be – its purpose and vision for the target state of digital transformation.

2. Digital investment thesis

A statement of purpose that guides investment decisions pertaining to digital transformation.

3. Digital guiding principles

High-level, directional statements about the objectives of the IT organization.

4. Digital initiatives

Depicts the in-flight digital initiatives, their owners, and a brief description of their benefits.

E-signature is a cross-functional process that validates a contract

An important part of digitizing a business operation is validating or approving contracts and transactions. Once you automate a process – part of the digital transformation of your business – you may need to build in authentication or validation points into the process flow. E-signature is one formal, legally binding way to approve and validate an agreement. There are other less formal ways to check and move documents in the workflow, such as having a record owner toggle the status of a file to advance it to archive or to publishing.

The image contains a diagram to demonstrate how e-signature is a cross-functional process. The first diagram has business lines or agencies. There are change iniatives throughout the diagram, where several ongoing change initiatives in siloes. These initiatives include shared functions like Legal, Compliance, and Finance. The second diagram demonstrates Cross-functional programs dedicated to redesigning existing or developing new customer journeys. One or two customer journeys as standalone, one off projects.
The image contains a screenshot of the Thought model E-Signature: A Key part of digital strategy. There are six steps highlighted in the thought model: Retrieve, Decide, Automate, Email, Sign, and Retain.

E-signing step by step

What happens when you receive an email request to sign a document electronically?

  1. Signer receives an email invitation to sign a document, with a link to the document.
  2. Signer’s identity is authenticated at the time the document is received, via email, login credentials, security questions, third-party identity check, or SMS PIN.
  3. Signer is presented with the document to sign, accessible on their mobile device or desktop. Workflow rules determine who the documents go to and what they can do.
  4. Capture signature data, the document, and audit trail metadata (e.g. time stamp).
  5. Signer’s identity is authenticated at the time of signing. Optional depending on the rules and assurance level.
  6. Signer electronically signs the document, using click to sign, click to initial, or a hand-drawn signature.
  7. Signer may add data from other supporting documents, e.g. driver’s license.
  8. Signed document is delivered electronically or by paper.
Source: OneSpan, 2017.

E-signature: How it works

Sender retrieves contract from Records storage

Use e-signature workflow to send email invitation to signer and provide link to contract

Which security level applies? E-signature, digital signature, physical/”wet” signature

Signer follows link & applies signature & returns contract

E-signature workflow notifies sender of completed signature

Save contract, signature data, audit trail

Some e-signature services also provide a “home’ to upload and store records.

Know where your data and contracts are kept. Does your jurisdiction require that data be kept in-country?

Define the workflow steps, signers, and rules.
Ensure there is a policy and a means to audit adherence.

Business unit leads should be engaged to decide policies, practices, and solutions (i.e. governance).

Different e-signature laws apply in different states, countries, and industries.

They also differ by instrument type, e.g. mortgage, patent, income tax.

Consult legal counsel and security.

Signer authenticates identity using email, login credentials, or PIN.

E-signature is usually required for mobile devices.

For digital signatures, the signer is asked to provide a key as extra assurance that the signer is who they say they are and that the document has not been altered.

There could be more than one signer and signature on a contract.

Not all e-signature services accommodate multiple signers.

Do you need e-signature service or feature?

E-forms software with e-signature feature

E-signature service

E-signature feature in existing software

Key product points
  • Form builder with workflow and e-signature add-ons
  • Automated workflows
  • E-signature and digital signature
  • All-in-one easy to set up and use
  • Examples: Formstack, SimpliGov
  • Primarily e-signature and digital signature service, with workflow, notifications, and reporting/audits.
  • Enterprise solution for multiple departments & document types.
  • Comes loaded with features and support.
  • Examples: DocuSign, Adobe.
  • You may already have e-signature as part of your software, e.g. Microsoft, ServiceNow.

Pros & cons

  • E-signature is for use in these specific forms, not for other documents.
  • Automated workflows with e-signature feature built in mean one inclusive setup.
  • Robust e-signature option but scales up to handle all enterprise documents and workflows.
  • Can apply e-signature solution to other services, especially where there is a strategic partnership.
  • Easily integrated with a service you’re using already.
  • Not an enterprise e-signature service, tend to apply only to the products in that platform.

Security

Are e-signatures secure?

Different levels of security for electronic signatures

Electronic signatures are secure and legal

  • E-signatures are more secure from fraudulent use than physical (“wet”) signatures
  • Different transactions and jurisdictions require different levels of security, e.g. digital vs. e-signature.

E-signature security assurances:

  • Access to the document, e.g. email sign-in, access code, security questions, or SMS text message passcode.
  • Audit trail in a separate record describes all events and users in the workflow.
  • Platform security, safeguards on the data and processes in the systems.

Digital signature security assurances:

  • Data encryption in transit and at rest.
  • PKI (keys).
  • Certification (by a third party).
Source: Government of Canada, 2019.

Levels of assurance for e-signature

User authentication

E-signature services provide a range of options to verify the identity of signers before giving them access to the documents, including email, PIN code, and security questions. You may also be able to integrate the e-signature service with other third-party authentication services.

The assurance level required for an e-signature dictates the assurance level required for user authentication.

Memorized secret token

Preregistered knowledge token

Look-up secret token

Out-of-band token

Single factor OTP device

Single-factor cryptographic device

Multifactor software cryptographic token

Multifactor OTP device

Multifactor cryptographic device

Assurance Level 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Assurance Level 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Assurance Level 3

No

No

No

No

No

No

No

Yes

Yes

Assurance Level 4

No

No

No

No

No

No

No

No

Yes

Source: Government of Canada, 2019.

Digital signatures

How do digital signatures work?

The image contains two diagrams. The one on the left includes a diagram on the steps involved on signing a digital signature. The diagram on the right includes a diagram on verification on digital signatures.

Source: OneSpan, 2017.

Measure the success of your e-signature program

Customer experience: Measure the effectiveness of customer experience with sentiment, retention rate, return.

Time: Use e-signature and automated workflows to significantly reduce the turnaround time on completing contracts and the cycle time to recover revenue.

Digital transition: Track the number of users adopting e-signature and digital processing. How many manual and paper-based business processes have transitioned to e-signature? How many transitions from legacy systems and legacy system retirements?

Financial: Track administrative time to follow up on outstanding signatures. Track paper usage and storage space following the transition to digital workflows and e-signature, mailing.

Compliance: Track your organization’s adherence to standards and guidelines by business area.

Green business practices: Track reduced use of paper, delivery (fuel, vehicles), landfill.

Benefits of e-signature

Quantitative

Cost of handling paper

Other costs of using paper

Paper purchase, scanning, printing, disposal costs per year

Paper purchase $1,800

Printing/copy $7,200

Delivery
(mail, courier) $45,600

Scanning $58,800

Storage $24,000

Disposal $720

Total paper cost$138,120

Lost time: Signing paper takes significantly longer than signing electronically.

With e-signature, can sign multiple pages of a document at once.

Compliance and fraud costs: Paper can be lost or destroyed. Paper documents can be edited after signature.

Lost opportunity costs: Time spent chasing paper contracts could be directed to other business activities.

Document retrieval costs: Finding the right documents can take up to 25% of an employee’s day, amounting to tens of thousands of dollars per employee per year.

  • Assume each document has 10 pages, there are 3 copies (3 signatories) per document, and 10,000 documents per year.
  • US companies print 1.5 trillion pages per year.
  • Beyond the tangible costs of using paper-based signatures are the hidden costs that are harder to quantify, but the time and stress involved in manual processes (vs. automated) and physical handling (vs. digital) are real.
Source: DocuSign, 2020.

Benefits of e-signature

Qualitative

Feedback from employees

Industry findings

Impacts on employee work

Impacts on customer experience

  • The biggest benefit of electronic signatures is that they’re simple and easy to use. If you can open a link and click a button, you can use electronic signatures.
  • Electronic signatures are safer and more secure than traditional paper documents. Not only do they contain a signature, but they contain traceable information about who signed the document, when they signed it, and where they signed it.
  • The convenience of electronic signatures means there’s a much faster turnaround.
  • Electronic signatures are more cost-effective than the traditional pen-and-paper method. Not only do you save on paper, but you also save on postage, mailing supplies, and time. Over the years, these add up.
  • Companies who adopt eco-friendly business practices are favored over their competitors.

Phase 1

Discovery

E-signature use cases

E-signature workflows

E-signature laws

Model

E-signature roles

Governance and oversight

E-signature policy

Solution

Requirements

E-signature software review

Communications planning

Laws are a good place to start, but they do not provide answers to all detailed questions about adopting e-signature within your own organization. Consult your legal and IT security teams to make decisions about how to implement e-signature. Use cases will be valuable in understanding what activities are important and can benefit from e-signature services. Analyze your organization’s personas to see if they are ready for automation or require some coaching and an intuitive solution.

Background

The lack of e-signatures can become a show-stopper. The electronic signature solution is crucial for financial institutions.

Right-size solution for the use case

  • Multiple use cases with different risk levels, volumes, and complexity.
  • Identify opportunities for cost-effective contracts with e-signature vendors, economies of scale. Who really requires a license?
  • It makes sense to adopt more than one solution, if it makes sense for the use cases. However, there should be a catalog of acceptable (standard) products that integrate with the current systems and control “runaway” one-off solutions.

Key stats:

Division

Number of employees

Volume of documents

Document types

Corporate

200

3,000

Sales contracts

HR

50

1,000

Employee onboarding

Tax, NDAs

Invoices, Forms

TOTAL

Sample analysis, things to think about

Corporate
3,000 documents

HR
1,000 documents

Sales

2,000 documents

Requirements

  • Integrations (with email, document management system)
  • Implement/automate complex workflows
  • Scale up to projected 25,000 documents
  • Robust
  • Workflow (currently manual, costly, time-consuming)
  • Location/security of documents
  • Straightforward, only one signature per document
  • Document flows within one platform
  • Sales is a business-critical, customer-facing operation.
  • Customer service
  • Efficiency
  • Compliance, privacy
  • User friendly, mobile
  • Cross-enterprise or local?

Approaches

  • Enterprise-wide e-signature or digital signature solution, integrated with contract management systems and email
  • Audit trails, Access controls
  • Automated workflow

Explore using Microsoft’s e-signature tools, but consider:

  • Need to consult specialist to automate workflows
  • Use only in the Office platform
  • More than one signature required on a document?
  • Use e-signature feature or add-on module with existing sales or customer relationship management (CRM) system
  • Keep the e-signature authentication and workflow close to sales processing

1.1 Use cases

1-3 hours

  1. As a group, list use cases that are candidates for e-signature.
  2. We are not analyzing them in-depth yet. We’ll walk through a select number of prioritized use cases in exercise 1.2.
  3. Consider both:
    1. value stream activities, i.e. the essential reason for your business delivering products or services to consumers/partners; and
    2. supporting corporate activities like hiring or regulatory compliance.

    Wherever a formal and binding transaction, process, or decision may happen, these are places to look for applying e-signature.

  4. Prioritize the use cases. Use a ranking matrix of feasibility and urgency levels. Or, as a group, take a vote for each use case.
Input Output
  • List of key business stakeholders
  • Current state business architecture/capability map
  • Prioritized list of use cases (input for exercise 1.2)
Materials Participants
  • Prioritize use cases worksheet
  • Mind-mapping tools, e.g. Archimate, GroupMap, digital whiteboard
  • Records management office, content manager
  • Contract administrator
  • Business leads
  • Project sponsor/manager
  • Business architect/business analyst
  • Legal counsel

Prioritize use cases worksheet

Business activity

Stakeholders, Departments

Document types
(require signature)

Feasibility
(H, M, L)

Urgency
(H, M, L)

Occurrence/ Volume

Vote count

Provide a loan

Customer service, Broker, Bank, Applicant

Application, Loan agreement, Insurance policy

Onboard a new employee

Employee, Hiring manager, HR, Benefits provider, Payroll

Letter of employment, Income tax, Performance review, Benefits, Policies

1.2 Workflow

2-3 hours

  1. As a group, walk through and draw workflows for the selected use cases.
  2. A representative for the use case can lead the review for a workflow.
  3. Note the main documents in the workflow, what systems they’re in (email, accounting app), who signs them, and document type (this is important to help decide which type of signature is appropriate, e.g. physical signature, e-signature, or digital). Are any of these automated already?
  4. Note any opportunities for improvement, e.g. reduce duplication, improve flow, minimize manual or paper-based activities, identify informal or non-standardized processes across the organization, and ensure the right stakeholders are involved.
Input Output
  • Prioritized list of use cases (Exercise 1.1)
  • List of key stakeholders
  • Existing process flow diagrams
  • Diagrams of selected e-signature workflows (current state) with documents, stakeholders, and systems
  • Opportunities for improvement
Materials Participants
  • Online architecture drawing tool (e.g. Archi), mind-mapping tool (e.g. GroupMap)
  • E-signature workflow worksheet
  • Process Mapping Guide
  • Records management office, content manager
  • Business leads
  • Project sponsor/manager
  • IT/apps service lead
  • Business analyst/process owners

E-signature workflow worksheet

Step

Guidelines

Worksheet notes

Identify document(s)

Filename, URL

List all participants and signers

Names, email addresses, roles

1.

Give signers access to the document

Send email invitation, invite signers to log into portal or website, send a link embedded in an app, or send a QR code in a printed document.

2.

Authenticate signers

Existing customers may already have credentials.

Email authentication, dynamic knowledge-based authentication (KBA), SMS authentication, smart cards.

3.

Present documents to participants

If using a web browser to present to readers, then they don’t have to download software. They may want to print out the documents.

4.

Capture data from participants

In addition to their signature, you may ask the signer to enter other data in a field. Ensure your solution allows you to capture data at the time of signing.

5.

Upload documents

The e-signature service should allow signers or other participants to add documents to the transaction.

6.

E-sign document to indicate consent and intent

There are different ways to e-sign (such as click to sign or initial, digitized handwritten signature, and smart card signing).

7.

Deliver signed documents

Offer secure electronic or printed copies of the signed documents.

Source: Onespan, 2021.

Making sense of the laws: Canada

Provinces and territories base legislation on the Uniform Electronic Commerce Act (UECA)

  • In the United States and Canada, both federal and state or provincial/territorial levels have statutes that recognize e-signatures and electronic records as legal along with physical signatures.
  • All provinces and territories (except Quebec) have enacted legislation based on the Uniform Electronic Commerce Act (UECA) to ensure uniformity of electronic commerce practices.
  • Provinces adopting the UECA may modify its provisions for their own legislation.
  • As in the USA, the UECA does not deny legal effect because a record is in electronic form.
  • Consumer protection rules for electronic transactions between consumers and suppliers are in place at the provincial and territorial level. For example, in Ontario, consumer protection laws require the supplier to give the consumer the option of accepting or declining an electronic consumer agreement and to correct errors in the agreement.
Source: Baker McKenzie, 2020.

“There are a variety of legally valid ways to execute documents when putting pen to paper for a signature is otherwise not possible. Many businesses and individuals will have to continue to adapt to these methods as most of the world continues to work remotely as a result of the COVID-19 pandemic. Organizations should be mindful of the legal requirements for different types of documents.”

Source: Bereskin & Parr, 2020.

Making sense of the laws: USA

Two key statutes: UETA and ESIGN

  • In the USA there are two key statutes to keep in mind when considering e-signatures: the Uniform Electronic Transactions Act (UETA) and the federal statute Electronic Signatures in Global and National Commerce Act of 2000 (ESIGN).
  • Both statutes make electronic records and electronic signatures enforceable to the same extent as written documents and wet ink signatures (with some exceptions). When best practices are followed, electronic signatures and electronic records are enforceable in every state. Even if a state has not adopted UETA, ESIGN applies.
  • Most states have adopted UETA, and ESIGN generally gives priority to UETA while requiring any other e-signature law defer to ESIGN.
  • UETA includes more detail about the processes and downstream effects of electronic signatures or records.
Source: Finastra, 2019.

“UETA is often more important than ESIGN in states where it is adopted. ESIGN is more important in states where UETA has not been adopted.”

– Finastra

Making sense of the laws: Japan

Key legislation: Act on Electronic Signatures and Certification Business

  • Electronic signatures are commonly used in Japan for business to business (B2B) transactions.
  • The key legislation governing electronic signatures in general business contract in Japan is the Act on Electronic Signatures and Certification Business (Act No. 102 of May 31, 2000).
  • The e-Signature Act defines an electronic signature as a measure taken with respect to digital data in order to:
    • Indicate that such data was created by the signatory.
    • Verify whether such data has been altered.
  • In Japan there are several use cases that require a traditional “wet” signature. Electronic signatures or documents cannot be used for agreements that require notarization or handwritten signatures, e.g. notarial deeds, fixed-term land/building lease agreements, brokerage agreements for purchase of real property, and wills.
Source: Adobe, 2021.

“Although Japan has an Electronic Signatures Law, its requirements are complicated and unclear. Thus, when signing contracts, electronic signatures in accordance with the law are not a widespread practice in Japan.”

Source: Lexology, 2021.

Legality of selected products

DocuSign

Adobe Sign

  • DocuSign is highly compliant with many regulations and laws including:
    • US ESIGN Act
    • State Laws Modeled After 1999 UETA
    • UK Electronic Communication Act (2000)
    • European Directive 1999/93 EC
  • DocuSign meets specialized rules from the FDA, FTC FHA, IRS, and FINRA, among others
  • DocuSign offers a court-admissible Certificate of Completion with a comprehensive digital audit trail to confirm the validity of your transactions
  • Adobe Sign is highly compliant with many regulations and laws including:
    • ISO 27001
    • SSAE SOC 2 Type 2
    • FedRAMP Tailored
    • PCI DSS
  • Additionally, Adobe Sign can be configured or used in a manner to allow organizations to meet industry-specific compliance requirements such as IPAA, FERPA, GLBA, and FDA 21 CFR Part 11

Phase 2

Model

Discovery

E-signature use cases

E-signature workflows

E-signature laws

Model

E-signature roles

Governance and oversight

E-signature policy

Solution

Requirements

E-signature software review

Communications planning

Walking through the use cases will help understand and designate roles in the e-signature process, as well as ensure that the right number of licenses are acquired. Consider alternative signers for when designated individuals are on vacation or when there are employee changes. Ensure you have the resources -- in-house or professional services -- to maintain and further develop the e-signature solution. Use the policy as a formal statement from senior leadership about its commitment to a digital way of working, with guidelines about when to use e-signature, what capabilities and security are required, and who to go to with questions or issues.

E-signature governance framework

Who will be accountable for the process and solution?

  • There should be a central point of contact and overall accountability for making important decisions and providing support to user communities.
  • An enterprise-level owner can also coordinate the business units so that e-signature practices are standardized and integrated as much as possible and there isn’t a confusing or complex array of e-signature solutions throughout the organization.
  • E-signature is a critical process with legal aspects and deadlines. There should be a mechanism by which the governing framework is informed of any issues or non-compliance so that they can take steps to resolve the issue.
  • Governing roles and committees often already exist (e.g. IT governance, information management) and can be retrofitted to include policies and decisions for e-signature processes, with the input of appropriate subject matter experts.

Roles:

  • System admin/IT: Responsible for technical management and configuration of the e-signature solution. Provide technical support. Ensure security controls for user authentication.
  • Records management/contract management: Develop and oversee e-signature framework and use of electronic signatures. Monitor usage to ensure proper development. Act as point of contact for units and departments. Analyze use cases and requirements, recommend signature types and data classification. Submit to legal counsel for approval. Provide training to users.
  • Legal counsel: Provide legal advice on the use of the e-signature process, which document types require certain types of signature.
  • Business units: Ensure compliance with e-signature policies and procedures. Incorporate e-signature process into existing business processes, as needed. Contact Records Management to plan e-signature within a unit.

2.1 E-signature governance and roles

3 hours

  1. As a group, define the key roles in the management and oversight of the e-signature process.
  2. Leverage existing governance committees and roles rather than creating new ones.
  3. Ensure there is legal counsel, accountable ownership of the e-signature product, and owners of the records or contracts being signed.
  4. Include roles for technical support and an administrator who monitors the e-signature process.
  5. Include roles for managing the contracts (e.g. information architects or records managers who ensure valid metadata and classification) and for optimizing workflows. These workflows will change over time – the processes will need to be redesigned and new contract types submitted into the e-signature workflow.
  6. Security (cloud-based and on-premises) will be a key advisor for the e-signature service.
Input Output
  • List of business units impacted by e-signature
  • Existing governance framework and roles
  • E-signature governance framework (strategic, tactical, and operational)
  • Terms of reference/charter
  • RACI
Materials Participants
  • Whiteboard/Flip charts
  • Online architecture drawing tool (e.g. Archi)
  • Legal counsel
  • Records management office
  • Content stewards/owners
  • Information architects
  • Business leads
  • Project sponsor/manager
  • IT/system admin
  • Governance lead

E-signature policy

Policies provide clear guidelines and responsibilities

  • Draft a policy that addresses real user problems, for example, if users cannot access data that is locked away in some people’s email accounts or on their local devices, include a policy statement that says, “All authorized users will have access to the information they require to do their work.”
  • Get senior leadership sign-off.
  • Ask employees to sign the policy when onboarding. Tie employee performance to compliance with the policy.
  • Emphasize that the responsibility for good data management practices lies at every desk. Everyone is expected to understand the guidelines and to act on them.
  • Use technology to help users comply (e.g. automate practices) and to track and report compliance.
  • The policy document should be short (only two to six pages), simple, and directional. It can be accompanied by more detailed standard operating procedures.
The image contains a screenshot of the E-signature policy template.

Download the e-Signature Policy Sample

myPolicies service

Use Info-Tech’s myPolicies service to access completed policies

The image contains a screenshot of the myPolicies page. The image contains a screenshot of the E-signature policy template.

2.2 E-signature policy

4 to 6 hours

  1. Review existing policies for records or information management, access management, and e-signature. Identify gaps and changes.
  2. Review e-signature laws and guidelines for your country, region, and industry. For example, federal laws may take precedence over regional ones and vice versa.
  3. Certain industries have specific requirements, such as patents in engineering and research organizations.
  4. Ensure that the e-signature policy is reviewed and updated – e-signature requirements are changing to accommodate remote and flexible work models, virtual courtrooms, and global e-commerce.
  5. Policies are often administered by the HR office at onboarding or as part of an annual employee training and compliance process.
  6. Include definitions of terms such as e-signature, digital signature, and record.

Download the e-Signature Policy Sample

Input Output
  • List of existing policies
  • Sample e-signature policies
  • Organization policy template and procedure
  • e-signature policy outline
  • e-signature policy draft
Materials Participants
  • e-Signature Policy Sample
  • Co-authoring/collaboration tool
  • Legal counsel
  • Records management office
  • Content stewards/owners
  • Business leads
  • Project sponsor/manager
  • Policy/governance lead
  • IT/system admin
  • HR

Phase 3

Solution

Discovery

E-signature use cases

E-signature workflows

E-signature laws

Model

E-signature roles

Governance and oversight

E-signature policy

Solution

Requirements

E-signature software review

Communications planning

To get the most out of the vendor selection process, provide a few key use cases as well as functional and technical requirements. Ask the vendor to walk through those use cases as it would look with their solution. Consider the trail of the document from beginning to end -- make sure the service is compatible with all “stops” in the trail. Educating users about terminology and what’s possible will help them to ask the right questions during the demo, for example:

  • Does the solution comply with the GDPR?
  • Who will design the workflow to prepare for automation?
  • Does the service accommodate special file formats, such as drawings?

E-signature requirements

Use Info-Tech’s detailed requirements worksheet to select solutions

There are several important questions to ask when investing in an e-signature solution:

  • Can you attach multiple signatures to one contract?
  • Does the signer/receiver need a license to sign?
  • Is it intuitive for signers?
  • Are there alternatives or back-up solutions (e.g. if signers prefer a physical signature)?
  • Is the workflow easy to set up?
  • Where is the e-signature and audit trail data? (You may be required to keep it within your own country.)
  • Does the solution comply with privacy laws such as the GDPR?
  • Which price model is more cost-effective (e.g. price per user or price per transaction)?
The image contains a screenshot of the e-Signature Detailed Requirements Worksheet.

E-signature Software Reviews

The image contains screenshots of the electronic signature software reviews.

Rapid Application Selection Framework

Use Info-Tech’s RASF workbook to improve the efficiency and effectiveness of software selection

The image contains a screenshot of the Rapid Application Selection Timeline Template. The image contains a five week calendar with five phases to demonstrate a timeline.

The Rapid Application Selection Framework

Information system architecture

*Based on Info-Tech workshop with a Canadian municipal government

The image contains a diagram to demonstrate information system architecture.

DM = Document management

RM = Records management

Use this placemat visual of your information landscape to find out where documents live and move and to identify opportunities to improve or simplify the e-signature experience.

Communications planning

Use Info-Tech’s Communications Planning Template

  • Communication is key to the success of the program.
  • The lead has to be able to translate complex concepts for a range of audiences and levels and to communicate with experts in the IT and business communities.
  • Use the company’s collaboration tools to share questions, education, and progress openly.
  • Identify champions and influential “followers” – they will help broadcast your data story.
  • Identify the people who may challenge your project and have influence in the organization. You will need to manage these stakeholders so they don’t impede progress.
  • You should now have a starter list of contacts from the discovery work. Use Info-Tech’s Communications Planning Template to deliver your message consistently and frequently.

Download the Communications Planning Template

The image contains two screenshots of the Communications Planning Template.

Definitions:

Electronic signature (e-signature)

A paperless method used to authorize or approve documents which indicates that a person adopts or agrees to the meaning or content of the document. An electronic identifier, created by computer, attached to, affixed to, or logically associated with an electronic record, executed or adopted by a person with the intention of using it to have the same force and effect as the use of a manual record.

Digital signature

A specific signature technology implementation of electronic signature that uses cryptography to provide additional proof of the identity of a signer and integrity of a document. This cryptography uses Public Key Infrastructure (PKI) technology to issue digital certificates. Validation is typically done through trusted Certificate Authorities (CAs) or Trust Service Providers (TSPs).

Record

Information created, received and maintained as evidence and as an asset by an organization or person, in pursuit of legal obligations or in the transaction of business.

A record is anything that contains information that needs to be kept as evidence of a decision or action, regardless of the medium.

Contributors

Name Role Organization

Anthony Costa

Data and Analytics Research Analyst

Into-Tech Research Group

David Glaser

Data Strategy

Into-Tech Research Group

Ryan Huggett

General Counsel

Into-Tech Research Group

Vivek Mehta

CIO – Digital Transformation Research and Advisory Director

Into-Tech Research Group

Andy Neill

Chief Enterprise Architect, AVP Data and Analytics

Into-Tech Research Group

Bibliography

“9 Ways eSignature Drives ROI.” DocuSign, February 1, 2020. Web.

Adobe Sign. “U.S. Guide to Electronic Signatures: An Overview of Federal and State Law.” 2017. Web.

“Adopting a Global eSignature Strategy for Large Banks and Financial Services.” Cryptomathic. 2019. Web.

“Are Electronic Signatures Safe?” DocuSign. 5 May 2020. Web.

“Beginner’s Guide to Electronic Signatures.” OneSpan. July 2018. Web.

“Best Practices for Electronic Signatures and Delivery: A Realistic Guide for Community Banks and Credit Unions That Want to Improve Efficiency and Deliver Better Customer Experiences.” Finastra. 2019. Web.

Bordoli, Jonathan. “8 Electronic Signature Best Practices to Build in to Your Workflow.” TechTarget. 31 July 2020. Web.

Bradbury, Danny. “New E-Signature Law a Win for Advisors.” The Globe and Mail. 10 June 2020. Web.

Branch, Amanda and Siobhan Doody. “Signing Contracts While Working Remotely: Use of Electronic Signatures During COVID-19 Pandemic.” Bereskin & Parr, 27 July 2020. Web.

Burke, Jackson. “Electronic Signatures vs. Digital Signatures … What’s the Difference?” AssureSign. 2021. Web.

Combs, Chris. “DocuSign vs. Adobe Sign: Which is Right for Your Business?” LinkSquares. 10 July 2018. Web.

Cooper, David et al. “Security Considerations for Code Signing.” National Institute of Standards and Technology (NIST), U.S. Department of Commerce. 26 January 2018. Web.

Delmage, Craig. “E-Signatures Overview: What You Need to Know!” Algonquin College. 12 February 2019. Web.

“Electronic Signature Laws & Regulations – Japan.” Adobe, 18 Nov. 2021. Web.

“Electronic Signatures in Global and National Commerce Act.” 106th Congress Public Law 229. 30 June 2000. Web.

“Electronic Transactions Act.” Uniform Law Commission. Web.

“Fast-Track Your Enterprise Digitization: Best Practices for Deploying E-Signature as a Shared Service.” OneSpan. May 2018. Web.

Grassi, Paul et al. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST Special Publication 800-63B. NIST, June 2017. Web.

“Guidance on Using Electronic Signatures.” Treasury Board of Canada Secretariat - Government of Canada. 15 July 2019. Web.

Larrivee, Bob. “E-Signatures in Europe: Understanding the Legal Requirements for Proof of Intent.” AIIM. 2016. Web.

Mulliner, Jeannine. “Best Practices for Building Your Electronic Signature Workflow.” OneSpan. 17 November 2021. Web.

---. “How to Use Electronic Signature in Banks: Top 5 Use Cases.” OneSpan. 15 March 2019. Web.

Maeda, Yoji et al. “Current Status of Electronic Signatures Law and Presumption of Authenticity in Japan.” O'Melveny & Myers LLP. Lexology, 2021. Web.

“Records.” ARMA Glossary of Records and Information Management Terms, 5th Ed. ARMA International, 2016. Web.

Smoktunowicz, Stephan and Catherine Phillips. “Electronic Signatures Are Valid: What’s the Catch on Finance Transactions?” Gowling WLG., 18 February 2020. Web.

Tibberts, Mark. “The Law of e-Signatures in the United States and Canada.” Baker McKenzie. 20 March 2020. Web.

“Understanding Digital Signatures.” DocuSign. 2021. Web.

Wright, Geoff. “A Complete Guide to Electronic Signatures.” JotForm. 4 March 2020. Web.

Additional Technology Selection Services

The image contains a screenshot of Software Reviews. The image contains a screensgot of Contract Reviews.

SoftwareReviews

Contract Reviews

Info-Tech offers comprehensive software reviews to make better IT decisions.

  • Learn from the collective knowledge of real IT professionals.
  • Evaluate market leaders through vendor rankings and awards.
  • Cut through misleading marketing material.
  • Confidently select your software.

You need proven processes you can rely on to get the right contracts for your organization and build better vendor relationships.

  • Know the right and wrong price for the software you're purchasing.
  • Manage future costs.
  • Improve your contract negotiation skills.
  • Home in on the optimal contract language.

To find out more about any of these services or sign up, please contact your account manager.

DIY Toolkit

Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.

Guided Implementation

Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.

Workshop

We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.

Consulting

Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.

Diagnostics and consistent frameworks used throughout all four options

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Author

Andrea Malick

Contributors

  • Anthony Costa, Research Analyst, Info-Tech Research Group
  • David Glaser, Principal Researcher and Advisor, CIO/Digital Strategy, Info-Tech Research Group
  • Ryan Huggett, General Counsel, Info-Tech Research Group
  • Vivek Mehta, CIO/Digital Transformation Research and Advisory Director, Info-Tech Research Group
  • Andy Neill, Chief Enterprise Architect and AVP Data & Business Intelligence, Info-Tech Research Group
  • Three anonymous contributors

Related Content: Enterprise Content Management

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy