Over the last 18 months, all manner of technologies including online collaboration, video conferencing, touchless tech, intelligent signage, document management, mobility, and electronic signature (e-signature) – to name a few – have played a massive role in ‘keeping the wheels turning’ in the workplace.
While e-signatures have been legally admissible and in usage for some time now, they have taken on outsize importance in this new environment. With hybrid working squarely a part of the post-pandemic business environment, there are fewer opportunities than ever for people to physically gather in the same location.
Additionally, with en masse adoption of cloud technology and digital processes becoming the norm rather than the exception, the utility of the traditional “analogue” wet ink signature has become rather limited.
For this and other reasons, including new regulatory pressures, e-signatures are now indispensable to hybrid working – but they need to be done right. There are several important considerations to keep in mind as organisations across sectors and sizes consider adoption of this technology and how best to work with e-signatures.
Not all e-signatures are equal
One of the first steps in working effectively with e-signatures is to understand the different types of e-signatures that exist, along with their security ramifications.
The Simple Electronic Signature (SES) is the simplest form of e-signature, and probably the one that business users are most familiar with from both personal usage and various work scenarios. If there’s a document that needs signing, the SES is there to fulfill that role, allowing people to electronically insert their signature. It’s more or less just a digital way to sign – there’s no advanced “security” baked into it.
The Advanced Electronic Signature (AES) and Qualified Electronic Signature (QES) are a different story. Both the AES and QES use enhanced identity verification measures to confirm the identities of the parties involved in a transaction.
In addition to ensuring that the signatory can be uniquely identified and linked to the signature, an AES uses a private encryption key to ensure that the signatory is the only one who can create the signature. Additionally, an AES is able to identify if any data has been tampered with after signing.
A QES requires all of the same protocols as an AES, but it also utilises a Qualified Signature Creation Device (QSCD) and uses a qualified certificate to generate signatures, making it the most secure of the three types of electronic signature.
The distinctions between these different types of e-signatures are important given the evolving backdrop of laws and regulations around their usage.
For instance, the eIDAS (Electronic Identification, Authentication and Trust Services) law has established a legal structure for electronic identification in Europe, and it outlines what standards need to be met to electronically authenticate things like signatures and documents in a compliant manner.
In some business situations like a sales or procurement agreement, a SES might be fine; in others, like an employment letter, AES is more appropriate. For a document that requires power of attorney, QES will likely be used for its high level of security and user verification.
Through these various standards, eIDAS plays a critical role in ensuring secure cross-border transactions. The challenge is for businesses to navigate these standards in the smoothest way possible – something that’s easier said than done.
Creating a workflow around e-signatures
One of the security strengths of AES or QES is that a document cannot be tampered with after it’s been signed. Practically speaking, however, this strength presents some challenges for the professionals having to gather and shepherd these signatures throughout the duration of a transaction.
A large transaction, for example, might involve 100 separate documents with 10 signatories – and if one is using standalone signature pages, that’s up to a whopping 1000 different signature pages that need to be wrangled.
When AES and QES are required, professionals can’t use their usual slip sheeting approach of taking signature pages out of the document and circulating those signature pages well in advance of the deal closing while simultaneously finalising the language in the documents. Instead, the entire fully negotiated document has to be sent out to be signed.
In order to effectively embed e-signatures into their work processes, then, professionals need to take a comprehensive approach to the larger transaction itself, of which the e-signature is just a piece, and ensure that there is structure and automation around managing the entire process.
That means finding ways to support the traditional approach to incorporating signatures into documents where signature pages and documents are circulated separately and then are slip sheeted back in to form finalised documents, as well as the new workflows around AES and QES, where documents are signed once they are finalised and retain all the digital encryption, metadata, and other qualities that constitute an AES- or QES-signed document.
In both scenarios, an approach that centralises checklists, signatures, and documents and automates the workflow around them is crucial for keeping things on track and ensuring that no aspects of the signing fall through the cracks.
Navigating the foreseeable future
Hybrid working promises to be a fixture of the business landscape for the foreseeable future, which means no one should hold their breath waiting to go back to a time when everyone physically gathers in a room to sign documents.
As long as e-signatures are ascendant, businesses should ensure they are supporting the workflows surrounding the entire transaction. In doing so, they will be handling e-signatures most effectively.
Sahil Zaman is Head of Business for iManage Closing Folders
Main image courtesy of iStockPhoto.com