How do you choose the right electronic signature solution for your organization? How do you sort through the marketing and sales hype to find the truth? And how can you tell which vendor will stay with you for the long haul and which will disappear after they close the deal? These are just some of the questions business leaders face when they look for an electronic signature service.
Here are eight key factors to look for when you’re shopping for electronic signature solutions. There are also great questions to ask yourself when you’re evaluating an electronic signature provider.
1. Authentication / Identification
Users prove their identity by providing some kind of private information.
- Does the electronic signature solution require users to authenticate themselves before applying an electronic signature to a document?
- How strong is the authentication method?
- Does the system require that a user only receive an email at a unique email address, or does it require them to enter a PIN or password?
- Can documents be accessed without authentication after signature?
2. Comprehensive Audit Trail
Electronic signature services provide a feature that tracks the document to provide evidence of the entire transaction.
- Does the signature solution track every event in the signature process?
- How detailed are the events being stored?
- What information is kept?
- How is the audit trail stored?
- Is the audit trail secured against tampering?
3. Information / Notice / Consent
Laws and regulations require that signers agree that they want to engage in an electronic signature process.
- Is the user presented with an appropriate and visible notice about using electronic signatures?
- Is the user provided an opportunity to decline to use the service?
- Is the consent to use e-signatures presented clearly and also tracked on the audit trail?
4. Signature / Intent
The user must take some form of action to electronically sign documents in order to clearly indicate the intention to sign. Documents should also be clearly visible and readable to a user.
- How is the user prompted to sign a document?
- Does the process clearly communicate intent?
- How is the document displayed to the signer?
The signature of the user must be linked to the records being signed to prove the connection between them.
- How is the signature linked to the documents being electronically signed?
- Does the association of the signature rely on established standards or proprietary solutions?
A user signs the version of the document they are looking at during signing, and expects that document to remain the same after signature. An electronic signature service must protect the integrity of documents before, during and after signing.
- How are documents protected during signing?
- If the document is tampered with, is there a way to find out?
- Can the service prove the integrity of a document at any point from the first signature to the last?
7. Standards / Verification Independence
The solution should provide signatures on electronic records that follow standards and do not rely on the service to be validated.
- What format are the documents produced in? Is it proprietary?
- Are documents and signatures human-readable and accessible using free viewing software?
- Can individual signatures be validated without having to go back to the vendor that produced them?
- Do the signatures rely on international cryptographic and document standards, such as RSA, DSA, SHA, PAdES and PDF?
8. Long-term standing
Some documents need to be trusted not just for months or years, but decades. Organizations that rely on these kinds of documents need to be mindful of how their electronic signature solution deal with this issue.
- Can the electronic signatures be validated long-term?
- Does the digital signature service use technology that is based on standards and can be validated in the future?
- Are the systems used for signing proprietary to the vendor or based on well-known cryptographic tools?
Depending on your organization’s needs, some of these factors might not be critically important for you. But you should choose services that are not just cost-effective but also valid and sustainable long-term.