Electronic Signature Policy
Purpose
This policy is concerned with use of electronic signatures.
These can exist in many different forms and not just as digital images of hand-written signatures. The policy is to ensure that neither Elev8 Training Limited nor any individual:
is misrepresented; suffers loss of reputation; is exposed to any liability or other adverse consequence through the unauthorised use of electronic signatures.
Following the requirements of this policy is essential and any breach may lead to disciplinary action being taken. Such a breach may result in summary dismissal.
Scope
This policy applies to any employees with access to any relevant digital system and to associated persons working for Elev8 Training that may be required to ‘sign’ documentation as requested by authorised staff.
The legal definition of an "electronic signature" is as follows: anything in electronic form which is: (a) Incorporated into or otherwise logically associated with any electronic communication or electronic data; and (b) Purports to be so incorporated or associated for the purpose of being used in establishing the authenticity of a communication or data, the integrity of the communication or data, or both. Electronic Communications Act 2000 and Electronic Signatures Regulations 2002 Digital signatures, which use cryptographic techniques and protect an entire document by detecting any change at all after "signature", are not covered by this policy.
Background and Context
Manual signatures can be captured by various types of equipment including scanners, photocopiers and fax machines. Once acquired, signatures can be transmitted electronically and copied between files, as well as being printed on paper documents. An electronic document, such as an email, Word file or fax, containing a digitised signature is nowadays considered to be no different from a paper one which has been signed manually. It is therefore important that individuals use images of their own signatures with care and that there are controls over the use of other people's digitised signatures.
From a legal perspective there is normally no need to include an image of a signature in a document.
The (typed) text at the end of an email acts as a signature if it meets the requirements in a) and b) above. This applies to Elev8 Training's standard emails.
Example of Electronic Signatures
The following are all examples of an electronic signature; Typed name, E-mail address, Scanned image of a signature, Automatic email signature
Requirements
Images of signatures should be used only when essential. Though it is only a small deterrent to copying images of signatures, they should be sent outside the organisation in PDF files rather than emails, Word documents or spreadsheets.
The PDF files should be created with the highest levels of protection. Documents requiring signatures can only be created in Dochub - ensuring that all documents sent out for signature have an individual audit trail from the point of creation - the audit trail cannot be amended. Any alterations to the document will be noted on the audit trail and the audit trail can be downloaded and referenced to the document at any point. If amendments are required to an existing document - then a new Dochub document must be created - this creates a new audit trail.
Once a document is sent out for signatures - the system will not allow any changes to be made. If an error has been made on the original document - a copy of the original can be created - and amendments made - this would create a new audit trail and document reference.
Documents containing the image of another person's signature must not be sent without the express agreement of the person concerned, unless prior delegation and clearance procedures have been agreed.
In addition, such agreement, including the list of recipients, must be obtained in advance for each document. The content of the document must not be changed after authorisation to issue it has been obtained. Once such a document has been sent, it must not be sent again (or to additional recipients) without further explicit authorisation.
Legal Impact of Electronic Signatures
It is possible to commit Elev8 Training to contracts using electronic signatures • that an electronic signature could be used in court as evidence of the Authenticity of the communication or document if it is separately confirmed that the signature is a means of authenticating the communication or document. (Section 7 of the Electronic Communications Act 2000).
Precautionary Measures
All requests for signature must be sent to a designated email address. Signatures can only be provided through access to the email address provided.
Prior to completing the signature and other information, the signator receives an authorisation message and then must confirm consent for use of the signature by clicking on a confirm button. Once all parties have signed the document a copy is emailed to each party and a record of the date & time of the signature is recorded in the audit trail.
All copies of signed documents are then downloaded in an uneditable PDF format to the relevant organisational drive folder - and access is authorised by the system administrator to all signatories - further ensuring that these are non-refutable, and that all efforts have been made to ensure employers and apprentices have copies of all original and revised copies of signed documents.
It should be noted that it is possible for emails to be “spoofed” i.e. appear to be sent by someone other than the true sender, and for this reason a degree of caution needs to be exercised when accepting emails from third parties. If there is any doubt as to the authenticity of an electronic communication, it should in the first instance be reported to the workspace administration for further investigation.
Where documents relate to the claim of funding and directly relate to published funding rules - further measures must be included to ensure that signatures cannot be altered & are non refutable in line with the relevant funding rules. This will include measures such as using an auditable e-signature system, using designated email accounts and keeping copies of original signed documents for audit purposes.
Related Policies
As stated in the Cyber security policy: "User-ids and passwords must be kept confidential, and never displayed, shared, or saved for automatic connection".
It is not acceptable to send an email logged on as another person. Both disclosure of a personal password and use of another person's password are potentially serious disciplinary offences.
This policy has been reviewed and authorised by Kieran England on 31/8/2022