Purpose:
This policy establishes when an electronic signature may replace a written signature and when an electronic record may replace a paper document in official activities of Dyersburg State Community College.
Scope:
This policy applies to Dyersburg State Community College and to all forms of electronic signatures and electronic records used to conduct the official business of the College. Such business shall include, but not be limited to electronic communications, transactions, procurements, contracts, grant applications and other official purposes.
Policy:
- Use of Electronic Signatures
a. Mutual agreement by the parties
i. This policy applies only to transactions between parties each of which has agreed to conduct transactions by electronic means.
ii. Whether the parties agreed to conduct a transaction by electronic means is determined from the context and surrounding circumstances, including the parties’ conduct.
iii. An electronic signature may be accepted in situations if the requirement of a signature/approval is stated or implied.
b. Signature required by TBR or College policy
i. When a TBR or College policy requires that a record have the signature of an authorized person, that requirement is met when the electronic record has associated with it an electronic signature using an approved electronic signature method.
ii. When a TBR or College policy requires a written signature on a document, that requirement is met when an electronic document has associated with it an electronic signature using an approved electronic signature method.
c. Signature required by law
i. When there is a legal requirement, in addition to TBR or College policy, that a record have the signature of an authorized person, that signature requirement is met when the electronic record has associated with it an electronic signature using an approved electronic signature method which complies with applicable TBR/College policy, Tennessee law, and federal law.
ii. When a legal requirement, in addition to TBR or College policy, requires a written signature on a document, that requirement is met when an electronic document has associated with it an electronic signature using an approved electronic signature method, which complies with applicable TBR/College policy, Tennessee law, and federal law.
d. The signing of a record using an approved electronic signature method does not mean that the record has been signed by a person authorized to sign or approve that record. Appropriate procedures must be used to confirm that the person signing the record has the appropriate authority and intent to sign the record.
e. If parties have agreed to conduct a transaction by electronic means and a law requires a person to provide, send or deliver a signed document to another person, the requirement is satisfied if the information is provided, sent, or delivered as the case may be, in an electronic record capable of retention by the recipient at the time of receipt.
i. An electronic record is not capable of retention by the recipient if the sender or its information processing system inhibits the ability of the recipient to permanently retain the electronic record containing the signature. - Approval of Electronic Signature Methods by the Approval Authority
a. The final approval of any electronic signature method will be by the approval authority.
i. In determining whether to approve an electronic signature method, consideration will be given to the systems and procedures associated with using that electronic signature, and whether the use of the electronic signature is at least as reliable as the existing method being used.
ii. This determination will be made after a review of the electronic signature method by the appropriate authorities.
b. An approved electronic signature method may limit the use of that method to particular electronic records, particular classes of electronic records, or particular TBR or college departments.
c. In the event that it is determined that a previously approved electronic signature method is no longer trustworthy, the approval authority must revoke the approval of that electronic signature method. - Approval Authority
a. An Electronic Signature Method Committee will review new electronic signature methods and make recommendations to the President.
b. The Vice President for Finance and Administration shall serve as the committee chair.
c. The committee membership shall include the Vice President for Finance and Administration, the Vice President for Technology, the Director of Administrative Services, the Director of Computer Services, the Dean of Students, and the Business and Student Financial Services Manager.
d. The President of the College will be the final approval authority for all electronic signature methods. - Request for Approval to Authorize and Implement the Use of Electronic Signature Methods
a. A written request for approval to proceed in developing a process for the application of electronic signatures must be submitted to the Campus Approval Authority. This request shall include:
i. Identification of the specific transaction to be conducted by electronic means.
ii. The form in which the process will take place. Example transactions/methods include:
- Signature approval granted via authenticated (user id/password) to an application system such as Banner/Luminis.
a. Purchasing using SciQuest
b. Online registration and bill payment using a Banner account
c. Admissions Application - Signature approval granted via authenticated (username/password) access to an electronic message (i.e. e-mail)
a. Approval of contracts
b. Approve waivers for exceptions to admissions policy
c. Status changes in HR
d. New hires
e. Terminations
f. Leave Requests, payment requests, travel vouchers, travel approval requests - Faxed or scanner signatures verified by the receiving party. Such means of verification shall include:
a. The receipt of a faxed signature from a facsimile number verified as belonging to or traceable to the party that signed and transmitted the document.
b. The receipt of a scanned or emailed signature from an email address verified as belonging to the party that signed and transmitted the document. Email access being based on unique credential (username/password) will be accepted as the electronic record for the email and associated attachments from vendors. The electronic signature will be the scanned document containing the authorized written signature from the vendor/contractor. - Identification of the department(s)/position(s) which will be authorized to use the proposed electronic process.
- Identification of the risks associated with using the proposed electronic process, including a clear description of the control processes and procedures that will ensure adequate preservation, dispensation, integrity, security, confidentiality and auditability of the electronic records.
- A step-by-step procedure for implementation of the process.
- TBR legal review to verify that the electronic signature method complies with applicable laws governing the creation and use of electronic signatures.
b. Approved electronic signature methods will be entered in the institutional inventory of approved electronic signature methods by the chair of the Electronic Signature Method Committee and forwarded to TBR Office of Information Technology.
- References
a. T.C.A. § 47-10-101, et.seq. – Tennessee Uniform Electronic Transactions Act
b. T.C.A. § 10-7-101, et.seq. – Tennessee Public Records Act
c. TBR Guideline G-070 – Disposal of Records-RDA 2161
d. TBR Guideline B-095 – Use of Electronic Signatures and Records
e. TBR Policy 1:08:00:00 – Information Technology Resources
Compliance:
All Dyersburg State Community College faculty and staff are responsible for complying with this policy.
Definitions:
| Term | Definition |
|---|---|
| Electronic Signature | An electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record. An electronic signature must be attributable (or traceable) to a person who has the intent to sign the record with the use of adequate security and authentication measures that are contained in the method of capturing the electronic transaction (e.g., use of personal identification number or personal log-in identification username and password), and the recipient of the transaction must be able to permanently retain an electronic record of the transaction at the time of receipt. |
| Electronic Record | Any record created, used, or stored in a medium other than paper, such as: information processing systems, computer equipment and programs, electronic data interchange, electronic mail, voice mail, text messages, information in PDAs and similar technologies. To the extent that facsimile, telex, and/or tele copying, and/or former hard copy documents are retained in electronic form, through a scanning process, they are also considered electronic records. |
| TBR | Tennessee Board of Regents |
| Record | Information that is inscribed in a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form. Financial and other documents or forms are records. |
| Electronic transaction | Transaction conducted or performed, in whole or in part, by electronic means or electronic records. |
| Electronic | Relates to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities. |
| Approved Electronic Signature Method | Method that has been approved in accordance with this guideline and applicable state and federal laws, and which specifies the form of the electronic signature, the systems and procedures used with the electronic signature, and the significance of the use of the electronic signature. |
| Certificate | An electronic document used to identify an individual, server, a company, or some other entity and to associate that identity with a public key. A certificate provides generally recognized proof of an entity’s identity. |
| Public-key infrastructure (PKI) | A form of information encryption that uses certificates to prevent individuals from impersonating those who are authorized to electronically sign an electronic document. |
| Public key | A value provided by some designated authority as a key that, combined with a “private key” derived from the public key, can be used to effectively encrypt messages and digital signatures. |
| Private key | An encryption/decryption key known only to the party or parties that exchange messages. In traditional private key cryptography, a key is shared by the parties so that each can encrypt and decrypt messages. |
Revision History:
Policy written in October 2014. Approved by Administrative Council on 10/31/2014.