Businesses are quickly replacing existing paper forms and manual workflows with fully automated e-forms and electronic workflows for many reasons such as increased productivity, less error-prone, and much easier to track/audit. All of these reasons help drive down business costs. Often existing paper forms require one or more signatures. frevvo workflow enables easy routing of your e-forms thru a simple approval process to collect all the required signatures. When making the transition from paper to electronic signatures our customers often ask "Are these electronic signatures as legally binding as their paper counterparts?".
The Uniform Electronic Transaction Act (UETA Act) and Electronic Signatures and National Commerce ACT (ESIGN Act) establish the basic framework for a legally binding system based on electronic signatures.frevvo has all the features you need to deploy web forms and workflows with legally binding signature. This white paper discusses the supporting technologies and frevvo features in the context of the legally binding electronic signature framework described in both the UETA and ESIGN Acts.
This white paper covers each of the following important requirements:
The identity of any signing party to an electronic transaction must be securely known.
frevvo offers multiple options for identification and authentication including an out-of-the-box option as well as several options for integrating with external systems such as LDAP.
frevvo offers flexible access control configuration of forms and workflows to allow configurable sets of authenticated users runtime access to forms and workflows as well as the resulting submissions/transaction documents.
Disclosure and Consent
Parties must be clearly informed of the intended use of a legally binding electronic signature and given an option to agree or opt-out.
This is largely a designer's responsibility, and frevvo offers many options to support this, including:
The ability to flexibly build custom prompts and text as well as numerous options for displaying disclosure documents or language.
The ability to design dynamic forms and workflows that can react accordingly to user response.
The designer can choose to include any/all consent responses in the transaction document.
Electronic Signature Capture
The system must provide a means to capture an electronic sound, symbol, or process, attached to or logically associated with a transaction or other record and executed or adopted by a person with the intent to sign the record.
frevvo provides the designer with several options for designing a form/workflow for capturing a party’s handwritten signature. These options include:
Requiring the signature to be entered each time (using a stylus or finger on a touch screen or a mouse)
A one-time entry of a handwritten signature on a per-user basis. In this situation, each user’s signature is unique and stored securely. The entered signature is then used automatically by the system to affix a handwritten signature under user direction.
Handwritten signatures are captured as images in frevvo. These signature images are stored along with the data that represents the electronic transaction (or sent to a third-party system if that option is chosen).
Electronic Transaction Secure From Tampering
Once the electronic transaction has been signed by a party, the relevant data must be secured against tampering and any tampering that might occur must be immediately apparent and detectable.
frevvo allows the designer to protect all or some of the transaction documents with digital signatures. These digital signatures employ a digital hash of the relevant data that is encrypted using public-private key technology. The digital signature is applied simultaneously with the application of a handwritten signature, which is itself also protected by the digital signature. The accurate date and time of the signature are also automatically recorded and protected by the digital signature.
A transaction document may be configured with multiple sections, each of which may be protected with a digital signature requiring a handwritten signature from different parties to the transaction. The potential combinations available to designers are endless and very flexible.
Any tampering of the digitally signed data or electronic signature can be immediately detected and in fact, in a workflow application, frevvo continually re-checks digital signatures for tampering and immediately notifies users.
Transaction Document Retention
Electronic transaction documents must be retained for somewhat obvious reasons, including later accessibility, compliance with laws and regulations, later enforcement, etc.
frevvo offers flexible options regarding the system of record regarding record retention. Transaction records may be stored within frevvo or all transaction record data can be sent to 3rd-party systems. frevvo includes several built-in connectors that facilitate this integration with no programming required.
Transaction Document Access
The resulting electronic transaction “document” must be available to all parties.
frevvo flexibly provides options for the designer to make the resulting transaction document available. The designer may optionally allow read-only access to the resulting transaction submission to all parties or a subset of parties.
The designer may also configure the system to create alternate non-proprietary document forms of the transaction such as a PDF or various image formats. These may be stored with the transaction data and retrieved as needed.
Handwritten signatures are captured as images in frevvo. These signature images are stored along with the data that represents the electronic transaction and are included as part of the read-only data that may selectively be made available to parties of the transaction. The captured signature images are also affixed to any generated alternate document forms (PDFs, etc.).
Audit Trail for all Transaction Actions
Each action must be recorded in order to be able to prove who did what and when they did it.
frevvo comes with built-in auditing in workflows. This audit records who processed each step and when they did it.
The audit trail itself can be made available to all participants or configured for selective access by particular parties to the transaction.