Garden State Life Insurance

The Ten Commandments of Electronic Signature Technology

A well-written RFP for electronic signature is a framework for substantial business process improvements - your own organization’s Holy Grail - provided it reflects a detailed understanding of the technological, legal and business issues at stake. An incomplete RFP could lead to the wrong choice of system, and do as much harm to your organization’s legal standing as to its bottom line.

This article covers the most critical elements to consider before you delve into the writing process.

I. Thou shalt not frustrate users

This may seem obvious, but the definition of user-friendliness varies greatly from one vendor to another. Users who are required to install plug-ins or download extra software pieces are most likely to show early symptoms of RTC, also known as Resistance to Change. And who could blame them?

This is why usability is the very first point of many to be considered when investigating electronic signature technology. What you need is a straight-through signature process where all users can sign documents easily, without useless clicks and regardless of which browser version they are using.

RFP questions:

  • Is the user required to visit a third party site in order to complete a transaction?
  • Does the solution require the user to download and install additional software components?
  • How is the signer guided through the signing process?

II. Thou shalt support all channels

Flexibility should be expected from a true enterprise solution, fully scaled to serve multiple business channels. While signature tablets provide an ideal method of signing at a point-of-sale, they are not practical for the online channels that play a growing part in any modern-world business model.

The idea is that online customers should be able to e-sign loans from the privacy of their own homes as easily as field representatives can approve documents from their mobile devices.

RFP questions:

Expect the following signature methods from vendors:

  • Signature tablet 
  • Click to sign on the Web
  • Click to sign offline

Expect the following methods for document review: 

  • Web-based
  • Paper
  • Tablet

III. Thy cost model shall be transparent

While organizations may be attracted by a hosted solution that offers the option to pay as you go, the hosted model can become a hidden gotcha, especially for the fastest-growing businesses: as transaction volumes grow, costs can quickly surpass the investment required for a licensed solution.

On the other side of the dollar spectrum, licensed solutions involve a one-time fee for software, followed by standard annual maintenance. This investment is more suited to the larger players, for whom a known, upfront dollar figure is preferable to smoky upgrade costs. Also, from an integration standpoint, customization and interfacing with existing systems are easier when dealing with a licensed solution.

With a solid understanding of your requirements and realistic adoption forecasts upon which to base cost estimates, you will be able to determine whether a hosted or licensed solution is right for your organization.

RFP questions:

  • What are Year 1 and Year 2 total cost estimates for low, mid and high forecasted transaction volumes?
  • What customizations to the commercially available solution are required based on the requirements outlined in this RFP and what is the cost of those customizations?

IV. Thou shalt adapt to my changing needs (and not the other way round)

Workflow flexibility is another area where vendors, despite their mesmerizing sales pitches, differ considerably. As compliance rules or customer needs change, processes will need to be adapted. Your electronic signature solution must therefore allow for quick and easy adaptations along the way. Let’s say you need to add a disclosure to a mortgage process - can this be applied easily? Or if you need to change the order of those signing within a joint line of credit application process, will you need to put your IT guys on the case to try to program changes to the initial program?

In this case, it is better to stay away from proprietary systems, which are most likely to trigger an organizational earthquake when it comes to adding new features or supporting new business processes. Instead, look for systems built on standards that offer easily adjustable templates to feed the system with new business or process rules.

RFP questions:

Expect the solution to support all of the following variables:

  • Organization’s workflow
  • ESIGN consent
  • Number of signers
  • Order of signers
  • Number of documents
  • Types of documents (for signature/for delivery)
  • GUI
  • Notifications
  • Exceptions
  • Suspensions

Ask vendor to describe the methods used to support each variable.

V. Thou shalt facilitate integration with existing systems

Integration is another flat-out requirement that many electronic signature providers don't like to talk about. A standalone electronic signature solution, isolated from the rest of your IT infrastructure, will not deliver the expected gains in productivity and efficiency, so vendors need to be crystal clear on how their electronic signature technology will fit within your overall IT puzzle.

Should you have PKI, digital certificates or smart cards already in place, your electronic signature solution should offer seamless integration with this security infrastructure and also be able to add signed records to your existing workflow, content management or document storage systems without any additional effort on your part. At the end of the day, systems integration is your vendor’s problem, not yours.

The system should also allow you to e-signature-enable all kinds of document formats, whether they are Microsoft Word, Excel, Adobe PDF, XHTML or IBM documents.

RFP questions:

  • Can signed records be stored outside the solution?
  • If yes, what security information remains with the record?
  • What document formats are supported?
  • What language is the solution built on?
  • Does the solution support the following user authentication methods:
      - Knowledge-based
      - User ID and password
      - PKI (for high risk transactions)
      - Point of Sale/In person
      - Combination of above within the same process

VI. Thou shalt deliver under rigorous conditions

A robust enterprise solution is what you need, fully scaled to support the highest transaction volumes, from just a few hundred to several thousand transactions per day. Vendors’ generous statements in the matter should therefore be handled with care and backed up by large-scale customer references.

RFP questions:

  • How does the solution scale to support growing transaction volumes?
  • Is the solution being used today in high transaction volume environments?
  • Does the solution allow for easy offline storage (i.e., archiving older transactions)?

VII. Thou shalt be secure

There are basically two ways to handle the signature process. While the “document-centric” approach ensures that the actual signature, security and audit trails are directly embedded into the document, the other approach handles the document and signature as two separate entities that must be managed independently. The first scenario is preferred because it ensures the signature and security information remain with the document at all times, improving portability and allowing organizations to leverage their existing document storage systems.

Control over the transaction is another security checkpoint. If part of the signature process takes place on the local desktop, you cannot trace what happens there and then. Centralized, server-based solutions, on the other hand, allow you to keep control over the entire process since the signature process is 100% web-based and nothing happens offline.

RFP questions:

  • Is the electronic signature embedded within the signed record or stored separately? (important for portability and seamless integration with ECM)
  • Does the record remain in the control of the system at all times throughout the transaction?
  • How are signed records secured to ensure any tampering is detected?
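
A minimal sketch of the document-centric approach described above, added here as an illustration and not taken from any vendor's product: the document, a hash-chained audit trail and a seal travel together in one record, so tampering is detectable even after the record is stored outside the signing system. All names are hypothetical, the sample events are constructed, and HMAC-SHA256 with a demo key stands in for the PKI signature a real solution would apply.

```python
import base64, hashlib, hmac, json

# Constructed demo key: stand-in for the signer's PKI private key (assumption).
SEAL_KEY = b"constructed-demo-key"

# Constructed sample audit events for one signing transaction.
SAMPLE_EVENTS = [
    {"action": "esign_consent", "who": "signer-001", "at": "2024-01-05T10:00:00Z"},
    {"action": "document_presented", "who": "signer-001", "at": "2024-01-05T10:01:00Z"},
    {"action": "click_to_sign", "who": "signer-001", "at": "2024-01-05T10:03:00Z"},
]

def _canon(obj):
    """Deterministic serialization so the same record always seals identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _chain(events):
    """Hash-chain audit events: each link commits to every earlier event."""
    prev, out = "0" * 64, []
    for ev in events:
        prev = hashlib.sha256(prev.encode() + _canon(ev)).hexdigest()
        out.append({"event": ev, "link": prev})
    return out

def seal_record(document: bytes, events: list) -> dict:
    """Embed document, audit trail and seal in one portable record."""
    body = {
        "document_b64": base64.b64encode(document).decode(),
        "document_sha256": hashlib.sha256(document).hexdigest(),
        "audit_trail": _chain(events),
    }
    body["seal"] = hmac.new(SEAL_KEY, _canon(body), hashlib.sha256).hexdigest()
    return body

def verify_record(record: dict) -> list:
    """Return a list of detected problems; an empty list means the record is intact."""
    problems = []
    body = {k: v for k, v in record.items() if k != "seal"}
    expected = hmac.new(SEAL_KEY, _canon(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("seal", "")):
        problems.append("seal mismatch")
    doc = base64.b64decode(body["document_b64"])
    if hashlib.sha256(doc).hexdigest() != body["document_sha256"]:
        problems.append("document altered")
    events = [e["event"] for e in body["audit_trail"]]
    for i, (got, want) in enumerate(zip(body["audit_trail"], _chain(events))):
        if got["link"] != want["link"]:
            problems.append(f"audit trail broken at event {i}")
            break
    return problems
```

The seal detects any change to the record, while the embedded document hash and the chain links show whether the document or a specific audit event was the part that changed.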

VIII. Thou shalt be compliant

“That’s not the record I signed” is an all-time favorite among plaintiff claims. Being able to show how a record was presented to a signer can determine whether the intent was adequately established. But this is all the more challenging for web-based transactions, where browsers may display the same page in different manners.

This is why compliance with the “What Thou See is What Thou Sign” rule is the Holy Grail of electronic signature. Some vendors have found it, while others are still looking. A few even surpass the rule by capturing and storing a secure record of the entire document review and signing process - including document routing, delivery, presentation, authentication and distribution.

Compliance is also synonymous with prudence. When it comes to online transactions, ESIGN requires that the consent, by which a consumer agrees to receive disclosures and conduct business electronically, be established prior to the actual transaction. Electronic signature solutions that can enforce such workflow through specific rules help ensure compliance.

RFP questions:

  • How does the solution ensure the documents are displayed accurately to the end user?
  • Does the solution provide evidence of how a document was displayed to the end user?
  • Does the solution support rules-based, guided workflow to ensure compliance requirements are met?
  • Does the solution allow all parties to the transaction to retain verifiable copies of the records?

IX. Thou shalt produce convincing evidence

Being compliant is one thing. Proving your compliance is another. In order to put all the evidence on your side in the first place, you should be able to replay the whole story behind the signature; a “signature storyboard” if you like. This is why your system should also offer an intuitive interface from which records can be easily viewed and printed for presentation to non-technical people such as a judge, jury or opposing counsel. This will provide them with the visual proof they are looking for:

  • Who signed what (signer unique ID, document’s exact contents)
  • When did he/she sign 
  • Where did the signature take place
  • How was the document signed (screenshots capturing the user’s intent to sign)

Your IT guy will also be thankful for not having to try and resuscitate the 1998 version of your corporate Intranet to prove that Page A v.3.0 was what User X had agreed to sign on that rainy September Tuesday.

RFP questions:

  • What transaction evidence is available?
  • Is the transaction evidence securely associated to the signed record? 
  • Does the solution maintain complete evidence records of signed documents and the corresponding transactions?
  • Does the solution provide an interface to review all evidence components?

X. Thou shalt practice what thou preaches

Marketing may be the mother of all sins, although vendor experience is definitely that of wisdom. What you need at this final stage, beyond brochures and fact sheets, is two or three “Happy Fews” to talk to. These real-life customers are the only ones who will be able to either back up or invalidate the sales speech while answering the following key questions.

Through the course of this final reference check, you also want to make sure that you are talking about full-scale, live installations, not just pilots or proof-of-concepts.

RFP questions:

  • How long did it -really- take to go live?
  • Is the solution as customizable as the vendor claims it to be?
  • How responsive is the vendor to technical issues?

Conclusion

Once you have all the right questions accurately lined up in your RFP, thou shalt sit back and wait for the first crystal-clear responses from vendors. After all, if you can't get clear responses from them at this stage, should you trust their ability to respond clearly to a major support request in the future?

This is why, if an eleventh Commandment were to be added, it would read “Thou shalt not let me down”. While the question of the vendor's financial stability is often overlooked - much to the peril of client organizations - it is all the more critical in fast-paced technology environments where new opportunities emerge like mushrooms in a rain forest. This stability indicator will help you evaluate the chances of your system being supported five or ten years from now.