Purchasing and Business Services Manual (PUR)

[horizontal rule]

Effective: 8/22/2016

Revised:            

[horizontal rule]
[ASU logo]

PUR 202–02: Electronic Signatures

[horizontal rule]

Purpose

[horizontal rule]

This policy identifies the requirements for the use of electronic signatures (hereafter “e-signatures”), electronic transactions (hereafter “e-transactions”), and electronic records (hereafter “e-records”) in conducting the University's business operations in support of the institutional administration of the University's teaching, research, and service operations. (“University transactions”)

Under this policy, the University may require that members of the University community use e-signatures to conduct certain University transactions that previously had required handwritten signatures and approvals on paper documents. This policy codifies how the University will designate those University transactions for which e-signatures will be required and how the University recognizes e-signatures. This policy also requires that the University establish Security Procedures regarding the use of e-signatures, e-transactions, and e-records in connection with University transactions. This policy augments, and does not replace, University Information Security policies, which apply to all University services.

[horizontal rule]

Sources

[horizontal rule]

Arizona Revised Statutes, Title 44, Chapter 26 (A.R.S. §§ 44-7001, -7051, "Arizona Electronic Transactions Act"

Arizona Secretary of State Regulations, "Digital Signature Policy Authority"

University policy

[horizontal rule]

Policy

[horizontal rule]

Applicability of This Policy

This policy applies to all individuals who are affiliated with the University, whether paid or unpaid, including but not limited to faculty, staff, students, affiliates, associates, and volunteers. This policy may require members of the University community to conduct University transactions electronically and to formally acknowledge their agreement to University transactions in which they are parties by affixing an e-signature.

Security Procedures and Unauthorized Use of Electronic Signatures

The University will adopt Security Procedures for e-signatures, e-transactions, and e-records that are practical, secure, and that balance risk and cost and that comply with applicable law, including regulations adopted by the Arizona Secretary of State. It is not the intent of this policy to eliminate all risk, but rather to provide a process for undertaking an appropriate analysis prior to approving the use of e-signatures, e-transactions, and e-records for specific University transactions; and, based on such analysis, to designate those University transactions in which e-signatures, e-transactions, and e-records may be required in place of handwritten documents. This policy also addresses implementation of User authentication and User authorization at levels that are consistent with the security requirement for a University transaction, including but not limited to, password policies, secure transmission policies, and access control policies.

Individuals who falsify e-records, e-transactions, and e-signatures are subject to disciplinary action, up to and including termination of employment, up to and including expulsion, and criminal prosecution as specified in ABOR and University policies, and under applicable federal and state laws. Individuals are required to report any suspect or fraudulent activities related to e-transactions, e-records, or e-signatures immediately to the ASU Information Security Office and to any manager or supervisor in the individual's department, college, or division. Nothing in this policy is intended to authorize any individual to sign on behalf of The Arizona Board of Regents or Arizona State University if he or she has not been granted such authority, and such signature authority continues to be governed by applicable ABOR and University policies.

Electronic Signatures and Handwritten Signature Requirements

To the fullest extent permitted by law, the University accepts electronic signatures as legally binding and equivalent to handwritten signatures to signify an Agreement. When a University transaction has been identified and approved by the University under this policy for the use of e-signatures, and where University or ABOR policies, state or federal laws, regulations, or rules require a handwritten signature, that requirement is met if the document contains an e-signature, unless otherwise prohibited by such policies, laws, regulations, or rules.

This policy does not limit the University's right or option to conduct a University transaction on paper or in non-electronic form, nor affect the University's right or obligation to have documents be provided or made available on paper when required by applicable policies, laws, or regulations.

Designation of University Transactions Subject to Electronic Signatures

The University reserves the right to designate specific University transactions that are to be conducted as e-transactions or maintained as e-records, and that are to be fulfilled by e-signature under this policy.

Definitions of the Terms Used in This Policy

    1. “Agreement” — the bargain of the parties in fact, as found in their language or inferred from other circumstances and from rules, regulations and procedures that are given the effect of agreement under laws otherwise applicable to a particular transaction. Rules, regulations, and procedures enacted by ABOR or the University authorizing electronic transactions or electronic signatures constitute such circumstance.
    2. “Electronic” — relating to technology that has electrical, digital, magnetic, wireless, optical, or electromagnetic capabilities or similar capabilities.
    3. “Electronic Record” or “E-Record” — a record of information that is created, generated, sent, communicated, received, or stored by electronic means.
    4. “Electronic Signature” or “e-signature” — an electronic sound, symbol or process that is attached to or logically associated with a record and that is executed or adopted with the intent to sign the record and that meets the following requirements at the time of execution: a) Unique to the person using it: b) Capable of verification; c) Under the sole control of the person using it; d) Linked to the Electronic Record to which it relates in such a manner that if the record were changed the Electronic Signature would be invalidated.
    5. “Electronic transaction” or “e-transaction”— an action or set of actions that is conducted or performed, in whole or in part, by electronic means and/or via electronic records.
    6. “Information” — data, text, images, sounds, codes, computer programs, software or databases, or similar items.
    7. “Record” — Information that is inscribed on a tangible medium or that is stored in an electronic or other medium and that is retrievable in perceivable form.
    8. “Security Procedure”— a procedure that is employed to verify that an electronic signature, record, or performance is that of a specific person, to determine that the person is authorized to sign the document and to detect changes or errors in the information in an electronic record. This includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, or encryption, callback or other acknowledgement procedures.
    9. “University community ” — those people affiliated with the University, whether paid or unpaid, such as faculty, staff, students, affiliates, associates, and volunteers.
    10. “User authentication” — the process of securely verifying the identity of an individual prior to allowing access to an electronic University service.
    11. “User authorization” — involves verifying that an authenticated user has permission to access specific electronic University services and/or perform certain operations.
    [horizontal rule]

    Cross-References

    [horizontal rule]

    Arizona State University Information Security Policy

    Uniform Electronic Transaction Act of 1999

    Public Law 106-229, Electronic Signatures in Global and National Commerce Act (S761, HR1320 IH, also known as "ESIGN")

    Arizona Revised Statutes, Title 44, Chapter 26 (A.R.S. §§ 44-7001, -7051, "Arizona Electronic Transactions Act")

    Family Educational Rights and Privacy Act (FERPA): 34 CFE Part 99, Final Rule.

     


    skip navigation bar
    PUR manual | ASU policies and procedures manuals | Index of Policies by Title | PUR manual contact | Purchasing and Business Services Web site

    Back to Top

    Valid HTML 4.01 Transitional