Booz Allen Hamilton


Solution Selection And Deployment Considerations

As you familiarize yourself with the various external drivers surrounding electronic signature implementation, you may come to the conclusion that deploying electronic signatures will require a significant investment from your organization. The reality, however, is that your organization has most of what it needs today - from business processes and workflow, to user authentication, security and infrastructure.

Below are a number of things to consider as you evaluate your options to develop and deploy electronic signatures.

Compliance and Business Requirements

From an IT perspective, the single most important issue to consider is how to translate compliance and business requirements into a solution. Failure to implement a legally-enforceable or E-SIGN compliant process exposes your organization to business risks. Consequently, if you are considering building a solution in-house using an API, you must also have the required legal and process expertise in order to develop a compliant e-signing ceremony based on digital signature technology. Alternatively, you can select a solution provider that has already integrated the necessary compliance and business requirements into their electronic signature offering. This will enable you and your organization to focus on your core competencies and critical business activities, rather than having to become experts in electronic signature legislation and the underlying technologies.

Document Formats

Selecting the right document format is critical to the success of your electronic signature solution. Is the signing process internal to your organization, or does it involve external parties? Is the process ad hoc or repeatable? For example, if your internal users are responsible for creating their own documents, such as budgets, proposals and timesheets, the most appropriate document formats may be Microsoft Word or Excel. If, on the other hand, the signing process requires external users to fill out the same type of information each time, then a form-based document format such as XHTML, PDF, or FormFlow may be more appropriate. Either way, you must ensure that the electronic signature solution you deploy supports the document formats that are most suitable for your business process.

Workflow

The electronic signature solution you deploy should integrate with your business process and workflow infrastructure. It must not force your organization to unnecessarily re-engineer its business processes to fit the limitations of the electronic signature solution; otherwise, you may need to purchase and implement an additional workflow infrastructure to support it. Your best bet is to choose a "docu-centric" solution, one that embeds the electronic signature in the native file format of the signed document, producing an electronic equivalent of an ink-signed paper document. This approach allows you to keep your existing front-end and back-end workflow components, such as business rules, decisioning, and DMS, while enabling you to securely revert to paper if needed.

Authentication

One of the biggest questions likely to arise from your e-signature initiative is how to authenticate users. More often than not, the business process under consideration already authenticates users. For example, a bank identifies customers via a personal identification number (PIN) that is issued in the mail. An online store authenticates buyers via a credit card or credit check process. An organization authenticates employees via a network login. Your selected electronic signature solution should enable you to incorporate one or more of these authentication methods into the electronic signing process, while also providing support for PKI, smart cards, biometrics or other forms of electronic credentials as needed. To select the authentication method that best suits your requirement, your organization must first determine whether your existing method for authenticating users is sufficient, or whether it needs to be supplemented for use with the electronic signature solution.

PKI/Digital Certificates

A question that frequently arises is how to deploy PKI and digital certificates with your electronic signature solution. PKI-based digital certificates are one approach to user authentication that may or may not be required for your business process. Typically, PKI-based deployments are best suited to extremely sensitive and secure operations, such as high-value commercial transactions or approval processes at the Department of Defense. Most of today's electronic signature deployments, in fact, do not use PKI and end-user digital certificates, because the desire for additional assurance and security did not outweigh the resulting expense and complexity. Nonetheless, the electronic signature solution you choose should be able to accommodate PKI and digital certificates should the need arise at a future date.

E-Signing Methods

Electronic signature solutions are often associated with a tablet-based signature device such as those used by large department stores at the point of sale. This is natural, since we are accustomed to seeing our handwritten signatures on the contracts and documents we agree to. While this is a perfectly acceptable method for capturing electronic signatures in customer-facing environments, such as a bank or car dealership, it is not practical for Web-based signing processes, as it forces users to purchase and deploy additional hardware. Your electronic signature solution needs to provide alternate e-signing methods, such as electronic process signatures that enable consumers to "click-to-sign" using only a Web browser and a mouse. An enterprise electronic signature solution should also support "token"-based signing. Token-based signing uses a digital certificate that is generated specifically for an individual and stored on a hardware device such as a smart card. The digital certificate can either be self-issued by the organization or provided by a trusted third-party issuance authority.

Distribution/Download of signed documents

Many processes require that all parties to a transaction be able to retain a verifiable copy of the executed document. An electronic signature solution must, therefore, enable your organization to provide users with a secure copy of the electronically-signed document or contract for their own records. The solution must also distribute these copies in a secure manner to address privacy concerns.

Standards-Based

To ensure interoperability and compatibility with your existing IT investments, an electronic signature solution should be based on industry standards. XML or XHTML over HTTP are common integration protocols for Web-based server applications. For non-Web-based client applications, native plug-in support for common applications such as Word, Excel, Acrobat, FormFlow, and PureEdge is ideal.

Cryptographic Security

An electronic signature solution should use industry-standard security and cryptographic algorithms. Ideally, the solution you choose has been in successful production for a number of years and has been certified against an industry standard such as FIPS or through a program such as DoD's JITC.

Auditability and Evidence

A key component of any electronic signature solution is the auditability and evidence it provides. Ideally, an electronically signed document contains an audit trail that identifies the signer and indicates whether any unauthorized changes have been made. Unauthorized changes should visibly invalidate the document and its audit trail.

Furthermore, the electronic signature solution should record additional evidence surrounding the transaction that produced the electronically signed document. For example, in a Web-based click-to-sign process, the entire Web-based sequence of events, including the review, approval, and download of documents, should be captured, recorded and cryptographically correlated to the electronically signed document to provide further auditability and evidence.
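The two properties described above, an audit trail bound to the signed document and tamper-evidence for both, can be shown concretely. The following is an added example written for this page; it is not code from Silanis, Booz Allen Hamilton, or any product the page describes. It records the click-to-sign events as a hash chain, then seals the document hash and the chain head together with the signer's identity. A keyed HMAC with a constructed demo key stands in for the signer's digital signature (a real solution would use a certificate-backed signature; the structure of what gets signed is the point here). The document text, event names and signer address are all constructed sample data.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key; in a real deployment this is the signer's private key
# (certificate-backed), not a shared secret.
SIGNER_KEY = b"constructed-demo-signing-key"


def canonical(obj) -> bytes:
    """Stable JSON encoding so hashes do not depend on dict ordering."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_event(trail: list, event: dict) -> list:
    """Append an event to the audit trail, chaining it to the previous entry."""
    prev = trail[-1]["entry_hash"] if trail else "0" * 64
    entry = dict(event, prev_hash=prev)
    entry["entry_hash"] = sha256_hex(canonical(entry))
    trail.append(entry)
    return trail


def sign_document(document: bytes, signer: str, trail: list, key: bytes) -> dict:
    """Seal signer identity, document hash and audit-trail head in one signature."""
    payload = {
        "signer": signer,
        "document_hash": sha256_hex(document),
        "trail_head": trail[-1]["entry_hash"],
    }
    seal = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"document": document.decode(), "audit_trail": trail,
            "signature": dict(payload, value=seal)}


def verify(signed: dict, key: bytes) -> dict:
    """Report whether the document, the trail and the seal are all intact."""
    trail, sig = signed["audit_trail"], signed["signature"]
    # 1. Re-walk the hash chain; an edited, removed or reordered entry breaks a link.
    trail_ok, prev = True, "0" * 64
    for entry in trail:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev_hash") != prev or sha256_hex(canonical(body)) != entry["entry_hash"]:
            trail_ok = False
            break
        prev = entry["entry_hash"]
    # 2. The chain head must be the one the signature committed to.
    head_ok = bool(trail_ok and trail and prev == sig["trail_head"])
    # 3. The document must still hash to the value the signature committed to.
    doc_ok = sha256_hex(signed["document"].encode()) == sig["document_hash"]
    # 4. Recompute the seal; a forged trail_head or document_hash fails here.
    payload = {k: sig[k] for k in ("signer", "document_hash", "trail_head")}
    expected = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    seal_ok = hmac.compare_digest(expected, sig["value"])
    return {"signer": sig["signer"], "document_intact": doc_ok,
            "trail_intact": head_ok, "signature_valid": doc_ok and head_ok and seal_ok}


def demo() -> dict:
    """Sign a constructed document, then show two tampering attempts being detected."""
    document = b"Constructed sample agreement: the parties agree to the stated terms."
    trail = []
    for event in ({"event": "document_reviewed", "page_views": 3},
                  {"event": "disclosure_accepted", "disclosure": "e-consent"},
                  {"event": "click_to_sign", "ip": "192.0.2.10"},   # RFC 5737 test address
                  {"event": "copy_downloaded", "format": "pdf"}):
        record_event(trail, event)
    signed = sign_document(document, "signer@example.com", trail, SIGNER_KEY)

    edited_doc = copy.deepcopy(signed)
    edited_doc["document"] = edited_doc["document"].replace("stated", "revised")

    edited_trail = copy.deepcopy(signed)
    edited_trail["audit_trail"][2]["ip"] = "192.0.2.99"   # rewrite evidence after the fact

    return {"original": verify(signed, SIGNER_KEY),
            "edited_document": verify(edited_doc, SIGNER_KEY),
            "edited_trail": verify(edited_trail, SIGNER_KEY)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The design choice worth noting is that the signature does not cover the audit trail by re-signing every event; it covers the chain head, so a single seal correlates the whole recorded sequence to the document. Editing the document breaks the document hash, editing any recorded event breaks the chain, and adjusting the committed hashes to match breaks the seal, which is the "visible invalidation" the text calls for.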

Flexibility/Customizability

Once you have integrated electronic signatures into your business process, the e-signing ceremony should be easily customizable to evolve as your business process evolves. This may include changing the number of signers, documents or disclosures, the roles of signers, and business rules. An organization should be able to make these modifications quickly and easily, preferably through the use of industry-standard technologies such as XSLTs.

Volume Scalability

An electronic signature solution should allow you to quickly scale in volume beyond initial estimates. Real-world customer deployments have shown that actual volumes often surpass initial estimates.

Business Process Scalability

Once fully deployed, your organization will likely see opportunities to extend the benefits of electronic signing to additional business processes or lines of business. An electronic signature solution should provide the ability to easily scale across the enterprise as needed.

Your electronic signature solution provider should be in a position to help you with all of the above aspects as you plan to deploy electronic signatures across your organization.

For more information on this topic, please contact Silanis.