According to business processes and the law, and process are different steps in the same transaction. For example, an iris scan authenticating you does not mean that you have actually reviewed and agreed to the terms of a contract. Likewise, the fact that you were able to use your PKI token to electronically apply your digital signature to an electronic record does not necessarily mean you could even see the document.

Because both and signing are important, and different, DocuSign makes an important distinction between the two. In DocuSign, they are tied together into the overall transaction or ceremony of agreement.

DocuSign’s secure model enables you to leverage several different tools for both prior and post modes. DocuSign addresses two general signing scenarios – “remote” signing over the internet and “in-person” signing where the signer is present. DocuSign also provides several layers of that are improvements over typical business practices.

DocuSign’s Options

DocuSign provides an integrated system that works with the process to ensure any level of can be provided and that the provides positive identification of the person signing. 

The DocuSign process is designed and architected with no single point of failure. can be required each time a signer reviews and signs a document, if requested. One session for a document from company “A” does not mean that company “B” must rely on that , as is the case with PKI digital certificates. 

The DocuSign secure system provides several levels and tools integrated into the system:

1. : validates a person’s email address and access to that email address.

2. : validates the person’s ability to provide a shared secret or passphrase.

3. : validates a person’s knowledge based on a knowledge-based process provided by RSA.

4. : validates whether a person’s name is on the Specially Designated Nationals List administered by the Office of Foreign Assets Control.

5. : validates a person’s age is correct as entered.

6. system: validates the person’s Student Network as entered.

7. Federated : accepts and records by another system when integrated with DocuSign. This can be any form.

The DocuSign secure system supports a workflow of for integrated customers, enabling decision-making during the process. For example, if a person’s results in an age older than 18 years, then the process will also include knowledge-based or if the age is 18 years or younger then the process will also include the Federal system.

In addition to these prior tools, DocuSign collects IP addresses of all the users and time stamps all activity into the audit trail along with all the results.

If your signing process takes place in person, consider what steps you require. Depending on your business, you may do one of the following:

1. No other than accepting a signature. The vast majority of processes happen this way. The signer appears, signs a contract and it is considered good. In this case, you don’t have an electronic process is really nothing. Simply have the signer appear in person and sign. No need to use additional .

2. Identification before signing. In some cases, the signer is required to produce a valid driver's license or other form of picture ID for the person hosting the transaction to identify the signer.

3. . This is the most stringent form of in-person and it is used in only very sensitive situations.

Using DocuSign, it is possible to sign in person by selecting the recipient type as “In-Person Signer.” Once this is selected for a recipient, the system asks for a signing host and, depending on the business process defined, will require whatever credential is typically used. One example is using a driver's license for

DocuSign’s process is a witnessed signing with credential collection support. Once the signer is authenticated by the witness, he or she may electronically sign on the local computer. Once done, the witness must re-apply his or her signature to record he or she was present for the whole signing. In addition to the local credential collection, the signer may also be requested to process a knowledge-based or a shared secret for multi-layer . Therefore, this can be either a prior or post mode process. 

The most common form of electronic signing with DocuSign is . The signer receives an email that he or she has a document to sign. This process uses at least and the sender may elect to use additional layers of for more sensitive transactions. 

In situations where the signing process is embedded into another portal or website, that portal’s can be passed along when signing starts, and used as the only process or supplemented by the tools DocuSign provides.

In all cases, the signer’s is recorded in the DocuSign Audit Log and the DocuSign Certificate of Signing regardless of how the person signed – in-person, remote, or embedded. The Audit Log and Certificate of Signing are encrypted and tamper-proof.

When considering your signer strategy, you should evaluate your current processes and risks. Then establish any increased or decreased risks that might be present by transitioning from a paper process to an electronic one. Once you have this understanding, you can establish the policies and procedures you should use with your service. 
