Achieve Electronic Signature Legality for Human Resources in India with airSlate SignNow

How to eSign a document: electronic signature legality for Human Resources in India

hello everyone and welcome to today's webinar event digital signatures are your paperless signatures leaving you vulnerable today's event brought to us by alm and arx this is michael krieger with alm and today's legal market demands that firms focus it investments on improving efficiency and secure processes while also supporting the highest possible level of client satisfaction signature automation tools are making an impact on the industry and enabling lawyers and other legal professionals to skip the time-consuming process of reverting otherwise automated processes back to paper just for the sake of obtaining signatures but without an understanding about the technology behind automated signing solutions and the regulations pertaining to them your firm could be left vulnerable and that's what we're going to talk about today we have on our panel of experts today john marchionne and elia fishman before we get going let me remind you today's webcast is completely interactive incorporates many social networking tools as well you can tweet or post information to social media sites blogging platforms etc right from the console just scroll along the bottom of the screen and click on the share this widget we are going to have some interactive live polling questions when you see them just complete the poll and hit the submit button we'd greatly appreciate that also if you have a question for one of our speakers just hit the ask a question button located on your console we'll get to your question during the event or during the live q a at the end we'll answer as many questions as possible and the ones we don't have time for will receive a written response after the event you can also use the green resources widget to download some additional materials just uh go ahead if you want to change the the windows you can change the side so all these things on your desktop just make them big i'll change the look and feel that you're when have fun now a little bit about our speakers john marciani has over 25 years experience in both u.s and international high-tech markets related to business process automation prior to arx he held strategic management decisions with companies offering process management and information security solutions including microsoft sign link and redix he was appointed visiting scholar for informatics at uc berkeley where his research focused on friction reduction in automated critical information collection and processing he's a member of the security council of the gerson lehman group he also served as the director of technology programs an advisor to gordon and betty moore foundation of palo alto elliot fishman is in charge of market strategy tactics and everything in between for arx's cosign digital signature solution for the legal sector she previously managed marketing and technical copywriting at arx and other high-tech companies thank you both for joining us today we've got a ton to cover uh only an hour to do it so let me start by turning it over to john marchionne john go ahead oh thanks michael and welcome everybody and we appreciate the time you're carving out to learn more about signature automation and we believe this will be a useful way to spend the next hour given that what michael already hinted at it's good to consider signature automation up front uh instead of as an afterthought it's it's better to start thinking about it early in your process automation rather than at the end if you leave it as an afterthought your 10 you tend to have to redo things redo your processes or re fit it into infrastructure so what we're going to cover today um is something about what the legal market um is thinking in terms of signature dependent processes and and usage uh my colleague elia will uh will cover those statistics with you then she'll turn it back over to me i'll give you a tutorial on the differences in signature technology approaches we'll talk about the business drivers for signature automation we'll cover standards and regulations that are relevant to this market niche and finally the application of digital signatures in business and and also some a bit about deployment and how it looks for for the user for the auditor for the lawyer okay so with that let's jump into these interesting alm survey results uh elia yes hi thank you as john mentioned my name is elia i am the legal market manager at arx and as he also mentioned i'm going to be giving you a little bit of an inside look at some of the results that came out of a survey we recently did with alm back in may we targeted legal departments law firms and government agencies and what we were going for is to find out how legal professionals are impacted by signature dependent processes and more specifically we wanted to find out about the current usage of digital signatures in the legal market usage readiness and also we wanted to know what legal professionals think is most important most concerning and most beneficial about digital signatures just to give you a little more insight about the survey we had 202 respondents that participated the nearly half of them about 47 percent came from corporate law departments and 33 percent came from a law firm so jumping in now to the first data bit we see here what what do legal professionals say are the biggest benefits of digital signatures and you see that the majority are 62 percent cited increased efficiency saving time on printing etc so when you think about efficiency some things immediately come to mind and with signature automation specifically some things you can think about are eliminating the timely and cost and costly sorry time consuming and costly process of having to print documents just to physically sign them and then either scan them back into the system or route them manually so when you embrace signature automation you immediately eliminate those tasks and you free up your illegal professionals to spend their time on more important tasks with which obviously has a an immediate impact on efficiency but efficiency also has to do with automating your processes and completing processes in a way that doesn't leave open any gaps and what i mean by this is specifically to signature processes automating them in a way that people who receive your electronically signed documents can trust them and know that they're valid and not have any ambiguity there and that's where it becomes important to understand what options you have when it comes to automating signatures specifically the differences between digital and electronic signatures but that's something that we'll let john get into in a little while looking at the second database what are legal professionals what are legal professionals looking for in a digital signature solution now it's really interesting to see that 87 percent of people cited security as the most important characteristic they're looking for in a digital signature solution now obviously with so much of today's information being digital it's crucial that while law firms and legal departments do find ways to use technology in order to be more efficient to cut costs to increase client satisfaction they also have to protect their data with the absolute highest level of security and that takes us into the next slide where we see that security is also the top concern legal professionals have when it comes to digital signatures so because of the security factor and how it's clearly very important here it's even more important to understand the difference the different options available to legal professionals when it comes to signature automation between electronic signatures and the more secure digital signatures that are now available to firms and departments of all sizes so as i mentioned earlier for that discussion i'm going to hand it back over to john okay thanks ellia that very interesting uh insights from that survey it's good to see what others are thinking about and in general will reveal what the concerns are uh once once people are more aware with the con of the concerns they can of course uh be more proactive and taking steps to alleviate those those concerns so um i'm going to jump in now to a little tutorial there's some basic terminology uh it's always good to explain around signature automation and you know you've probably heard the term digital signature and electronic signature thrown around and you may ask what's the difference um i didn't realize we were up to a survey question though uh michael is that where we are um yeah we can do that why not let's put everyone in the audience to work with our first polling question of the day and that is what type of organization are you associated with we'll make this an easy question you probably know the answer to this one are you with the firm a corporate legal department government agency or something else and um while we're waiting for our attendees to do that what is the big difference between digital and electronic signatures john yeah so um electronic signature is a term that's really broadly used to cover any type of signature automation from things like click here to sign to i'm going to paste an image of my handwritten signature on the document to proprietary click wrap envelopes and really it refers to anything that could be understood or assumed to be a signature so that's that's what electronic signature refers to digital signatures refer to a standard technique an industry standard that's recognized globally it's recognized in the us under nist it's recognized in europe under etsy it's recognized internationally under iso and it's a specific technique that's been peer-reviewed and vetted for security for integrity for being immune to forgery um so when you hear the term digital signature uh what is being referred to is this standard approach that is more globally accepted and that has been vetted for uh reliability okay terrific thanks for that and to look at the results of our poll just slightly more law firms than corporate legals uh present today with a spattering of government agency and other and with that i will turn it over to to you to uh continue okay so if uh you know if we talk a little bit more about a standard digital signature what what are we talking about we're talking about a signature that is interoperable and portable meaning that if your application is applying the standard signature other applications can recognize and verify that signature so that's one important uh aspect or attribute you get from a standard digital signature it's portable and it can be recognized and verified by many applications and what what type of things does the digital signature carry well it carries an integrity check on the document uh this will always indicate to the relying party the person who's has to rely on the signature of the transaction that nobody is tampered with it and if if nobody has you'll see a nice green check mark like the one here on the left if there is a tampering on the document or with the signature the person uh inspecting the signature will see a clear indication of that in this case via a red x on on the right okay so this is this is so important for having a reliable business process nobody in the process or the value train or the transaction should ever rely on tampered information okay and this is one of the most important elements that you get from a standard digital signature you always know when something has been tampered with whether it was tampered with intentionally or accidentally this type of signature ensures that nobody will rely on something that's been tampered with okay the second uh important element that the digital signature provides is evidence or proof of the signer's identity who who is the person signing this document okay this is important also uh for allowing a business to flow okay if there's uh no question about who signed it if there's no question about the integrity of the document that means this signature will in fact have effect that means it can be relied upon and so your business process continues to move forward and then finally there's an intention element that comes with cosine this is in the form of standard reason codes that are expressed at the time the user signs why are they signing this document they're signing it because they accept they agree they confirm they approve they endorse they've audited and so on so the the intention code the reason code gives an extra element for deciding why the document was signed so if you look at this combination of elements what you're getting is evidence of who signed what they signed why they signed and also there's a date and time associated with it so also when so who what when why they sign so the four w's okay this is embodied in a set of standards that are endorsed by nist in the u.s as i mentioned before etsy in europe iso standards bodies like ietf w3c all recognize the digital signature standard and this is the standard that has been thoroughly peer reviewed and vetted for vulnerability fairly peer-reviewed by industry academia by standards bodies and what they try and do uh every year is to see if there's a compromise or an attack on this technology and uh to date there is none today the digital signature is the only signature mechanism that is deemed openly by the standards bodies to be immune to forgery okay it works on a cryptographic technique i can give you a very high level uh description of this like if there was more time i could probably bore you with even deeper level of description but this the second bar here uh indicates what what you get in a digital signature when when you sign a document the first step in the signing process is the document is passed through a special cryptographic algorithm called a hash algorithm this yields a unique series of ones and zeros something we call a hash value you can think of it as a digital fingerprint or the digital dna of the document no two documents will ever have the same hash value once the hash value is produced each signer has a set of signature credentials that's made up of a cryptographic key pair one is a referred to as a private key that's not shared with anybody one is a public key that is published for verification purposes these are large 20 48-bit integers no two signers will ever have the same private key the next step in making the signature is taking that unique element from the signer their private key along with the unique element of the document the hash the hash code and intermingling those two under a cryptographic operation to produce an output that we call the fundamental digital signature so the the output of this function is um if you think about it it's a child it's a child that's unique to two parents one parent being the document that contributed its hash code the other parent being the signer that contributed their private key so this operation creates a very strong binding then between that signer and that specific document okay and that's the signature and then along with that each signer has an identity certificate which is also injected into the document with the signature and that is all bound into the document at the metadata level and this travels with the document for the rest of its life cycle so the evidence that you need is available to anyone who needs to rely on that document for as long as that document lives okay so some of the elements uh that you get with cosine digital signatures that will actually give you a best practice for automation are um uh and this this can be a checklist if you're considering any solution for signature automation the first question you should ask is is there a strong binding between the signed document and the signer and the answer is yes or the signature in the document the answer of course is yes is the signature and document uniquely linked to the signatory or the signer answers yes can the signature identify the specific individual signatory or signatories if there's more than one on the document the answer is yes is the signature created using a means that the signatory maintains under his or her control meaning could others come in and intervene and sign on behalf of that signer under cosign the answer is no and this has been verified under independent testing in a government lab that not even the systems administrator could access either the signer's signature credential or signature function only only the signer can invoke their signature credential and signature function to make the signature can the signature be verified by anyone at any time yes the answer is of course yes and does the signature ensure that changes to sign information can be plainly seen by anyone at any time the answer is yes this is to ensure that no tampering will go undetected uh can it be used with systems and applications already in place yes because it's a standard what you'll find is that for example your your basic content authoring applications like microsoft word and excel or any number of pdf creation devices or software can recognize and verify a cosign signature because we all follow the same standard and then cosign also offers centralized control over when to provision a user when to revoke that user's signing privilege this is important in a company or enterprise setting where users shouldn't be left their own devices to declare their identities or left to their own devices to give themselves signature privilege cosign allows centralized control of user enrollment provisioning and revocation and then also cosign allows the user to control their specific signature credential and signature function okay so uh when we look at the uh the field of electronic signature approaches what we find uh because these are these are non-standard they're not the same across vendors um and they haven't been openly peer-reviewed or vetted that we find invariably that most of them provide only an ambiguous proof of sign or identity this can hinder audit processes and the ability to trust the signed content we find proprietary approaches offer ambiguous evidence of content integrity this is also problematic in terms of reliability okay that they require proprietary verification software meaning that if you make a signature with a proprietary technique you probably have to go back to that same system to verify the signature it's not built in the verification isn't built into things like microsoft word or excel or a pdf reader okay we also find that there are a number of electronic techniques that are bound into predefined workflows that are inflexible so you get a proprietary signature but it comes along with a workflow that may or may not fit your business process okay and then of course because they're not peer-reviewed in most cases most electronic proprietary techniques are vulnerable to forgery attacks it's this ambiguity that makes it difficult to allow business to flow without friction it makes it difficult to stay in compliance with either your audit requirements or governance and it introduces doubt it it also opens a window for what i call misunderstandings okay in the legal uh community you may call it disputes i prefer to call uh i prefer to call it misunderstandings between parties but if the evidence provided after the fact in the document gives a clear indication of the validity of the signature and who signed it and allows the stakeholders to even drill down a little further and see proof of the signers identity proof of intention proof of date and time and proof of document integrity this evidence can be seen at the same level and in the same way among all parties that are stakeholders to this transaction and therefore with this type of evidence it's very easy to quickly clear up the misunderstandings if you're clearing up misunderstandings fast what does that mean number one it means your business can continue to flow but it also means you avoid a downside you avoid of the downside of having to pull audit logs of having to have an i.t professional come in and interpret those audit logs of then having those audit logs in the it professionals interpretation go before your lawyer and then having your lawyer decide what's admissible and what's not and then ultimately where it gets really expensive going to arbitration or in the court so if you have the evidence available in a way that is easily understood by the stakeholders it is a great component of the service for preventing misunderstanding but also for easing things like passing audits and anything related to regulatory compliance okay this these types of things uh actually make you compliance ready okay so what are the what are the business drivers uh for signature automation probably obvious to everybody but it's simply that paper is too darn expensive right and i'm not going to read these statistics here but um if you get a copy of this presentation you'll be able to see what the overhead cost is for staying on paper uh paper-based business processes and it's important to um uh to not just automate to get off paper but do it in a way that gives you that control that reliability that integrity and that kind of that prevention of misunderstanding type of service right anybody can automate anybody can click here to sign the question is once you've once you've automated did you lose control of the process is is the integrity maintained and the answer is well if you're not using digital signatures not not always okay there was another survey done by aim that um oh no this is an alm survey this is continuation on analya survey um that found that um you know the the volume of document signed per week is can be significant that if you're on paper you're adding more than a day to execute your process and that also half of your documents are printed for no other reason than obtaining a signature that last statistic is kind of interesting if you're saying on paper today and tomorrow you switch to digital signatures you in fact have eliminated half of your overhead costs associated with paper uh just by making that one switch to uh to digital signatures right um okay so here are some aim statistics not unlike the elm statistic this involved 389 respondents those that did automate with digital signatures 68 percent save time scanning copying routing costs 65 accelerated their signature dependent processes 53 percent say paper handling costs 81 percent reached a return on investment meaning the solution paid for itself in under 12 months and 25 uh got a full payback within 90 days um so it says a lot about how signature-intensive businesses are but we don't always think about it or if we do think about it we think about it as an after thought in in process automation so it's it's good you're taking some time today to think about it up front okay could could result in a lot of efficiencies so let's talk a little bit about standards and regulations related to signature automation you know i've already pointed out there are a number of standards in the u.s and internationally under nist and etsy and iso there are also a number of standards and it's the same standards that are followed by the soft software community mainly w3c and ietf oasis but also large application vendors independent software vendors like microsoft and adobe and many others follow these standards so when the market is following standards it creates um economies for everybody right uh we're not all chasing an independent approach but we've decided to unify under one approach that's not only reliable but streamlines things because a signature made by cosine for example can be easily recognized and verified by an application that microsoft has installed on your desktop or in the cloud and the same for adobe um cosine signature is easily recognized and verifiable by adobe applications and and many others okay so a lot of it to be said for economies um then there are uh industry specific regulations that touch on signature automation things like the fda their title 21 cfr part 11 that pharmaceutical companies and medical device companies need to comply with u.s department of health and human services usda justice hipaa socks and so on all of these touch on elements of what the signature needs to provide in terms of reliability and integrity within the process okay and then finally at the government level at the sovereign level in the u.s we have two statutes one is esign which is a federal statute the other is ueta uniform electronic transaction act these are the fundamental regulations that give legal force an effect to digital signatures in the u.s both at the state and federal level then you have various others uh globally um outside of the u.s and the eu and uk and so on okay to do the same thing so um it's it's uh it's a technology that's not only well implemented in a number of productivity applications but now well recognized at the government and sovereign level okay so uh what are some some of the applications uh that our surveys have uncovered about where law firms and in-house legal departments use digital signatures uh it's uh really where whatever signature dependent but you know correspondence nda's billing intellectual property documents hr human resources documents contracts and agreements and so on and then other applications for digital signatures broadly uh can be put into two categories two high-level categories those that are transactional meaning the document crosses an organizational boundary and governance documents those that still require a signature because of some audit requirement compliance requirement or governance requirement but those documents stay relatively within the boundary of the organization okay so these are just a few samples but there are really a lot a lot of examples of things that are signature dependent you can kind of just maybe sit back as an exercise someday with your colleagues and and identify uh what documents or what processes are signature dependent in your organization and kind of get a feel for how much money you could save if you got off the paper if you got off your paper addiction right and that brings us to another polling question michael and it's a good thing too just in time we've woken we'll have to wake everybody up for it we'd like to know what kind of documents or transactions are you signing most often is it non-disclosure agreements are they contracts and other agreements consents pleadings or is it hr documents so please take a moment to complete the poll let us know which one it is and um where do you see the biggest use of uh digital signing documents john is it for contracts is um where's the uh the low-hanging fruit it's uh it's business specific i mean um i have customers that have um maybe 200 users but are signing three million documents a year those individuals are signing what's called certificates of analysis these are blood blood and urine tests i have others that are doing hr employee enrollment to the tune of 900 000 a year because they they do hr outsourcing for the screening and enrollment of employees for certain government agencies and then i have uh oil and gas i have uh any number of contracts that that those type of customers are signing or in the fda space pharmaceuticals are are very intensive in terms of clinical trials for either a medical device or a drug before the advent of digital signatures these clinical operations were delivering their documentation to the fda in a truck now they can submit it electronically so it really depends on what market you're in please help us save trees we need them i hate oxygen i couldn't agree more if anything else here is putting the audience to sleep one thing they should take away is if we keep our carbon sequestered in the trees it's better for the planet i'm a big believer in that and the results of our second poll most of you uh are doing contracts and agreements followed by pleadings a little bit of consents uh no one in our group today are using um ndas or hr's as most often uh type of documents they're signing someone certainly um they are signing some of them but so most frequently number one answer contracts with agreements number two pleadings no surprises there and with that um we have completed the presentation part of our event today we've got time for your questions we do have a bunch of them in the queue so please go ahead and submit your questions we'll get to as many of them as we can in the time remaining we'll start off with a question from jesse who wants to know are my files stored on your server during the signing process you have your choice most of our customers prefer to deploy our product on premise and have our product work with your local document store and the reason most of our customers prefer that as most of our customers are in the regulated uh or security-minded markets and they don't want their documents traveling outside of their protected domain just to get a signature so we have a model um that allows you to obtain signatures on documents without taking the document out of its protected area where you're maintaining it and this works this works by only moving the hash of the document down in ssl channel and getting the signature back so this is something that's very elegant about cosine that we found the security-minded customer really appreciates got it thanks for that here's a question from robert who asks what happens to a person's digital signature after they leave the firm nothing it it now okay so after they leave the firm their digital signature credential is revoked immediately revoked so they can't make any more signatures however the signature they made or all the signatures they made for the time they were employed and had signature privilege those signatures are valid and they live in the document record and wherever that document record travels whether it's place to place or travel through time in an archive that signature is verifiable until the document or record itself is destroyed i'll keep the questions coming this one from victor who wants to know can mobile devices be used to digitally sign documents yes we have mobile access to cosign via any smartphone or tablet through a web browser we also have a new mobile app coming out specific to ios and the google the google os yep and a number of our customers to take advantage of this terrific thanks for that this one from bill who says sharepoint is being used by many law firms for content management and other things does cosine integrate with sharepoint yeah we probably have one of the best integrations it's not the best in delivering a standard digital signature capability under sharepoint i believe today we're the only ones that can allow you to natively sign pdfs for example in a sharepoint environment and 50 of our business is sharepoint related so thanks thank you microsoft for leaving us that that opportunity terrific um here's a question from jobs to wants to know can you briefly explain my deployment options when it comes to cosign uh yeah so you have your choice of a appliance that installs on-premise into your network and connects into your corporate directory and then can be managed ing to the policy and procedure that you're that you already have in place for managing uh your users or provisioning your employees into the system that deployment takes about 90 minutes okay if you don't want to have the on-prem appliance we also have cosine cloud where you can come in and subscribe online and in both cases you don't have to move your documents out of your domain you can still use cosign cloud and not have to move your document out so because i'm cloud is recommended if you have 20 or less users if you have 25 or more we recommend the on-prem because ein cloud is a subscription-based it's monthly or yearly the on-prem is a capital purchase it's a one-time fee got it we just have a couple more questions this one from sean who wants to know are there any file types that can't be signed with a digital signature um so there there are um a number of file types that will recognize natively did digital signatures okay so those include word excel outlook emails uh info path autodesk autocad bentley microstation lotus forms pdf pdfa tiff and xml and there are even many more but say for example you do have an odd document type like notepad there's one that wouldn't recognize a digital signature natively what you can do is that there we have a virtual signing feature with inside cosine you if you want to sign your notepad document for example you the user selects that and what that feature does is it distills the notepad document into a pdf and at the same time applies a digital signature to it okay okay with um i'd like to uh thank you we've got one final question here this comes from from samuel who says i often hear the debate about digital signatures and their acceptance by the courts are they accepted yeah we we monitor this really closely we have not yet seen any um judge or arbitrator having to rethink the logic under the statutes under e-signer you eat to write an opinion whether the digital signature is acceptable or not not one yet we we do know that these signatures have been submitted as a body of evidence and if they follow if that evidence has followed evidentiary procedure there's no issue it's just like anything else an email that doesn't follow evidentiary procedure would not be acceptable therefore any signature that doesn't follow it would not be acceptable but if you did follow evidentiary procedure these statutes esan and ulita are doing their job that's what they were there for so that no court would have to think twice about giving them legal force and effect or having them be accepted in court that's all the questions we have i want to thank our presenters today john marcioni elia fishman for their great presentation also want to thank cosine by arx and alm for making today's event possible john is there somewhere people can surf for more information where should they go yeah plea please uh visit us at at .arx.com we have a number of white papers we have case studies we have nice demos we have a free trial if you want to kick the tires and if um you know you you just want to talk you have more questions feel free to email sales.com uh there are any number of eager people here at arx that would would like to connect with more of the audience and with that again thanks to our presenters uh and to our sponsor for making today's event possible for alm this is michael krieger saying have a great day you