An action plan to implement electronic signatures

By Lydia Loriente

One of the final frontiers before moving to electronic recordkeeping is eliminating 'wet signatures', or hand-signing. In most cases in Australasia, we are allowed to replace hand-signing with an electronic method. This is good news, since manual records are becoming increasingly difficult to manage as more and more business transactions and information management move to digital systems.

An electronic signature, also called a digital approval, is any electronic method which carries the intention of being a signature. Examples include a recorded sound (a person saying 'yes' on the phone), an electronically captured drawing (a person writing their name or initials on an electronic touch pad), or an electronic process (such as email, or selecting 'submit' or 'I approve' on an online form).

Strictly speaking, a 'digital signature' is a special type of electronic signature, but be aware that some people use the term to refer more broadly to electronic signatures. A digital signature behaves like an electronic stamp that can authenticate the sender and the person signing. It is designed to provide greater protections and security to electronic signatures.

Digital signatures can be complex and costly to implement, but are worth considering for higher risk or higher value authorisations, or to provide increased protections around using electronic signatures.

Electronic signatures offer a range of conveniences and protections. Approvers do not need to be in the same physical location if a signature can be made from an electronic device such as a computer, tablet or phone. There is also more protection around verifying the identity of the signatory if the method requires the signer to log in to a portal or system that recognises their identity.

Practitioners may want to use electronic signatures but not know where to start, what is allowed, or who they need to check with. What follows is an action plan to get your organisation to stop signing paper and start using electronic signatures.

1. Address laws, culture and policy - Legislation in most Australasian jurisdictions allows for the use of electronic signatures in most situations. There are selected exceptions, so always seek legal advice to be sure. Exceptions are usually around very specific matters or methods of signing, such as documents requiring a manual witness signature. Usually, other legislation or rules specify that the particular signature be carried out that (manual) way.

Generally, if the signature is required internally in your organisation, because of policy or procedures, it is likely allowed to go digital (but if not sure, check). If the signature relates to external parties, it may still be allowed, but the implementation may be more complex due to both parties needing access to the same, or integrated, technologies.

An electronic signature must comply with three criteria: identity, reliability and consent. These criteria require that there is a way to identify the person and their intention to sign, that the method used be reliable, and that the person or organisation accepting the signature consents to receiving it electronically.

Culture will influence whether you can begin or succeed in implementing electronic signatures. Some workplaces may have a history or culture of hand-signing particular documents. It may be difficult to get staff on board if they hold a belief that the manual signature is mandatory, more trusted, or more official. Some people still prefer to print and hand-sign a letter, even if they send a scan of it electronically. These preferences for hand-signing can be hard to change. You need to identify these preferences, and try to address staff concerns and attitudes.

It can be easy to forget that electronic signatures are already in use for some workplace activities, and likely in our personal lives too. Remind staff of examples that are so routine we may not even think of them. When buying car insurance, when was the last time you signed a contract? In most cases you would have completed an online form, or had a recording captured of you saying 'yes' or 'I agree' over the phone. If your workplace has any existing electronic approval processes, such as an HR system for approving leave, highlight these as examples of it being acceptable.

Some workplaces may have policies, procedures, and manual forms that say a hand-signature is required. It is possible that they were created before legislation allowed for electronic signatures, which only came into existence around 1999-2000 in most Australasian jurisdictions. Or the documents may have been created or last reviewed when there were less reliable technology options available for electronic signatures. Review these requirements. If electronic signatures are allowed, get these documents reviewed and updated to reflect that.

Consider implementing an organisation-wide policy and procedure for electronic signatures. As part of your change management, form a working party to draft it. Consider running a short online survey, or putting a call out for input and feedback. Including stakeholders can improve buy-in. At some stage in the future, an electronic signatures policy will become unnecessary, as more and more processes move online. But it is acceptable to have such a policy to get your organisation over the line now. It can also address the 'consent' criterion of electronic signatures, and empower staff to act.

Make a list of your stakeholders, and consider inviting them to be on your working party:

  • Records, archives, information management;
  • Policy, risk or compliance areas;
  • Administrative staff who would be impacted by any changes;
  • Relevant managers and senior staff;
  • Representatives from teams that already use electronic signatures;
  • IT support and/or IT security and risk;
  • Any other relevant stakeholders; or
  • If there is not much expertise or experience within your organisation, consider co-opting some members external to the organisation who have the relevant experience.

2. Assess the available technology - Make a list (or locate an existing list) of the systems and technologies currently in use or able to be used for electronic signatures. Some examples include workflow within an EDRMS, email, some online forms technology and more. While not strictly speaking an electronic signature, one option is to require that any hand-signed documents are scanned and emailed or submitted online. Technically you are receiving a digital document, so you can continue to manage it electronically. This could be an interim measure if other options are not available.

3. Select a form or process to move to electronic signatures - Make a list of all the paper-based forms that exist, and all the letters or memos that normally get signed. It's not just contracts and agreements. How do staff in leadership positions approve or endorse a new policy, procedure or guideline? How does the Chair of a committee approve minutes? How do you get approval to spend money on catering for an event?

If possible, pick an internal process, as it may be easier to implement an electronic signature with enterprise-wide systems and software, and within the same organisation's policies and processes. Consult with your working party and/or stakeholders, and come up with a plan. Ensure you use change management techniques such as good and regular communications explaining the upcoming change and how it will work.

If your workplace has access to online forms, preferably ones that recognise who is logged into the intranet or portal, they could be used. Just ensure that any forms require the signer to actively tick a box that says 'I approve of ….'. It is not acceptable to have the 'I approve' box pre-ticked, as it is then less clear whether the signer was aware of it and actively accepted it.

For email, if someone sends a document as an attachment, and the email includes 'I approve the attached', that could be acceptable. Just make sure you have a process in place for how you will capture and manage the record of that signature. Will you save the email as an .eml or PDF file, and register it, with the attachment, into an EDRMS?

4. Write a case study to support further use of electronic signatures - Once you have implemented an electronic signature, write up a case study about what you did and how it worked (and any lessons learnt). Try to quote positive feedback from stakeholders. Your case study could be shared in staff communications such as newsletters and on notice boards (electronic or physical), and explained at staff meetings. It can also be referenced in any future business case to propose the purchase of dedicated electronic signature software, workflow, or integrations with other systems.
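For the online-form option in step 3, the sketch below shows one way IT support could enforce the two conditions described there: the form must not render the 'I approve' box pre-ticked, and the signer's identity must come from the portal login rather than from anything typed into the form. It is an added example, not code from the author or from any particular forms product; the field name `approve`, the sample forms, and the SHA-256 document fingerprint stored in the record are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone
from html.parser import HTMLParser


class _CheckboxScan(HTMLParser):
    """Collect the names of checkboxes that a form renders already ticked."""

    def __init__(self):
        super().__init__()
        self.pre_ticked = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_checkbox = tag == "input" and (a.get("type") or "").lower() == "checkbox"
        if is_checkbox and "checked" in a:
            self.pre_ticked.append(a.get("name"))


def pre_ticked_boxes(form_html):
    """Return checkbox names that are pre-ticked; run this when a form is published."""
    scan = _CheckboxScan()
    scan.feed(form_html)
    return scan.pre_ticked


def build_signature_record(session_user, form, statement, document_bytes):
    """Build the record of one approval, or raise ValueError if it is not valid.

    session_user: identity established by the portal login (never a form field).
    form: submitted fields; browsers omit an unticked checkbox entirely.
    statement: the approval wording shown to the signer, supplied by the server.
    """
    if not session_user:
        raise ValueError("signer is not logged in; identity cannot be established")
    if form.get("approve") != "on":
        raise ValueError("approval box was not ticked by the signer")
    return {
        "signer": session_user,
        "statement": statement,
        "signed_at": datetime.now(timezone.utc).isoformat(),
        # Assumption: a fingerprint ties the approval to the exact document.
        "document_sha256": hashlib.sha256(document_bytes).hexdigest(),
    }


# Constructed sample forms: the second pre-ticks the box and should be flagged.
GOOD_FORM = '<form><input type="checkbox" name="approve"> I approve</form>'
BAD_FORM = '<form><input type="checkbox" name="approve" checked> I approve</form>'
```

The returned record is what would then be registered, together with the document, in the EDRMS or other recordkeeping system.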

Considerations for purchasing electronic signature (approval) software

There are a range of technologies available to facilitate electronic signatures and the recordkeeping of them. Some are stand-alone products, some integrate with other systems, and some may be features of existing systems such as an EDRMS that just need to be configured or turned on. Here are some considerations you should be aware of:

1. Licensing - You will need to consider how licensing works. Does every staff member need access, and is licensing affordable if it needs to include every staff member?

2. Single sign-on (SSO) - Can the system integrate with existing login infrastructure, such as single sign-on? Uptake of the system may be difficult if staff need to create and maintain separate passwords and logins, and it could be difficult to verify that the signer is who they purport to be if the system cannot integrate with existing sign-on processes.

3. Fit for purpose - Team/process-specific or enterprise-wide? Does it integrate with existing systems/EDRMS/website/email? - Make a list in advance of your requirements for electronic signatures, current as well as anticipated future needs. Sometimes an enterprise-wide system may be best, to accommodate a diversity of signature needs. However, sometimes a standalone system or integration is acceptable, if it solves a particular team or business process need. For instance, if you already have an electronic HR system, that may have the ability to accept electronic approvals (signatures) for leave requests, as the system already has information about staff entitlements, supervisors and more.

4. Don't forget the recordkeeping for the signature - Features essential to recordkeeping (including disposal)

  • Does the system support compliant recordkeeping and information security practices?
  • Interoperable metadata
  • Able to migrate records to another system
  • Audit logs
  • Protection from unauthorised deletion
  • Sentencing and disposal

It is important to make sure that the technology you use will meet not only the requirements for conducting an electronic signature, but the (temporary or long term, sometimes permanent) recordkeeping requirements for the signature.

Understand what recordkeeping standards or legislation apply to your organisation. Then assess whether the technology you are considering meets the requirements. Depending on the retention period or the importance of the signature, it may be acceptable to take a risk-based approach, and in some circumstances, accept a system that does not tick all the boxes. However, you should document the process you followed to make this assessment, and keep records of it. 

Think about how long the record of the approval will need to be kept. If it is for more than a few years, is there a plan for the maintenance, and possible migration, of the record of the signature, to ensure it can be accessed and used for as long as it must be kept?

If the expected sentence of the signature record is temporary (temporary could mean six months or sixty-plus years), is there a way for the system to identify records due for destruction and dispose of them? This is where integrations with an EDRMS may be appealing, as an EDRMS is designed to handle sentencing and disposal of records.

Lydia Loriente (BA (Hon), DipLang (Italian), MEuIntStudies, ARIM) is a Senior Records Analyst at Monash University. Lydia is passionate about empowering people to do their own effective recordkeeping and information management, and embedding recordkeeping compliance into everyday work practices. She can be contacted at lydiabloriente@gmail.com