Educause Security Discussion mailing list archives
Re: Security Issues regarding an e-forms routing/management system[Message Scanned]
From: Jack Suess <jack () UMBC EDU>
Date: Tue, 14 Dec 2004 17:29:21 -0500
Ben Part of the question is related to state law and practices at your campus. For example, in maryland we have somethign called UCITA, which specifies that electronic authentication is equivalent to signed signatures. That said, some states are just the opposite and place additional barriers on electronic signatures. Your institutional legal counsel should be able to answer this question. Outside of those points is a more fundamental question. Most signatures at work are "internal" signatures required by your university not necessarily governed by state law. For example, signing a requisition is not necessarily a legal requirement -- more than likely it is associated with audit and focuses on proper internal controls. If your institution has strong confidence in your LDAP authentication then you can make a case that e-signatures still maintain proper internal control. In the end, for those kind of functions e-signature becomes a risk management question. When we discussed this here I raised the question of handling a forgery. How would financial services validate a regular signature -- are they pulling the forms and doing a comparison -- have the staff been trained to do this kind of comparison? We then discussed how we would deal with e-signature, how would/could we deal with the issue that someone claimed they didn't "e-sign" a document. This led to a discussion of log files and determining what information we logged and how long we kept that information. In the end we felt that we could at least identify the ip address of the signer and use that information and cooraborating log files for other services to identify if something was a forgery. Bottom line, the question on e-signature is about thinking about risk management and internal controls. hope that helps. jack suess, CIO, UMBC On Tue, 14 Dec 2004, Parker, Ben C wrote:
All: Do any of your institutions use some sort of system to manage all the various forms that have to be filled out by multiple people on a daily basis? Our main security concern is what qualifies as a valid e-signature. Would something like authentication via LDAP to a secure website work, or do we have to add extra measures such as a pin number or another point of authentication. If anyone can point me in the right direction or provide info on this type of thing, I would appreciate it. Also for those who have it, was it something designed in house or do you use a product created by a vendor and if so what? Thanks, Ben Parker Mount Union College ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Security Issues regarding an e-forms routing/management system[Message Scanned] Parker, Ben C (Dec 14)
- <Possible follow-ups>
- Re: Security Issues regarding an e-forms routing/management system[Message Scanned] Kevin Shalla (Dec 14)
- Re: Security Issues regarding an e-forms routing/management system[Message Scanned] Jack Suess (Dec 14)
- Re: Security Issues regarding an e-forms routing/management system[Message Scanned] Harold A'Hole (Dec 14)