4 important questions your company needs to ask your e-signature provider

No matter which e-signature provider you ask, you’ll hear the same promise: safe, secure, legal e-signatures, for every industry. But did you know that there are different signer authentication levels and standards that affect how sure you can be that an electronic signature is valid? In this article, we tell you what questions to ask to find out whether your e-signature really meets the accepted requirements for safe, secure, and legally binding signatures.

Table of Contents

  1. Not all e-signature products are the same
  2. Electronic signature security and validity
  3. The 4 questions to ask your e-signature provider
  4. Our answers to these 4 important questions

Not all e-signature products are the same

Every provider claims to have the most trustworthy platform. But when it comes to safety, security, and reliability, some of them fall short. In our experience, many do not really understand what requirements need to be met for them to be able to back up their claims. In Canada, these include:

  • Assurance level 4
  • ISO compliance
  • Proof of evidence

Meeting these requirements is crucial to prove the authenticity of your signed documents and ensure they will hold up in court for decades (or even centuries) to come, if you ever had to prove the validity of your signatures.

eZsign is an assurance level 4, ISO-compliant e-signature solution that meets the highest Canadian standards.

Have questions? We have answers.

Electronic signature security and validity

Every company, whether it has 1 employee or more than 1,000, needs fast, reliable signatures on its important documents. If they ever need to prove a signature is valid, they should be able to do so quickly and easily using the evidence provided with the signed file.

You may be thinking: when I sign a PDF electronically, I get a file with my signed document that has “evidence” in the name. As you should! But do you know whether the data contained in that file just covers the basics, or is it enough to prove that signature is valid if it were ever challenged? What can you do to find out? See our questions below.

Imagine you’re in front of a judge. You have your signed document with you, and you point to it and say, “see, it’s signed.” She says, “I need proof.” How confident are you that you have what you’d need to do that? Without the right proof, you could be up a creek without a paddle.

Visit our Trust Centre for technical information about our security, compliance, privacy, and incident response plan.

The right questions to ask your e-signature provider

As we’ve mentioned in a previous article, electronic signatures are legally binding and will hold up in court, provided they meet the right requirements. These requirements include a digital audit trail that captures the right data to serve as irrefutable, concrete proof that the signature is authentic and meets the burden of proof in a court of law.

But how do you know the e-signature solution you are using:

  • Is capturing the right data to prove signers’ identities?
  • Keeps a log of all activity, including any changes after signing?
  • Stores this vital information somewhere you can access it forever?

Here are the 4 key questions you can ask your provider to make sure you have what you need to prove your signatures are secure, valid, and authentic—so you can do business with peace of mind.

Interested in our answers?

Question 1: What assurance level does your e-signature solution have?

If you only ask your current or potential e-signature provider one question, make sure it’s this one.

The Government of Canada has established levels of assurance for electronic signature processes. Assurance level 4 represents the highest level of assurance under Canadian electronic signature policy. It provides very high confidence that an individual is who they claim to be when signing a document electronically.
You can read more about assurance level 4 in our dedicated e-signature assurance levels article.

eZsign meets the requirements of assurance level 4.

Question 2: What ISO standards does your e-signature solution comply with?

ISO stands for the International Organization for Standardization, a nongovernmental organization based in Geneva, Switzerland. ISO relies on the world’s foremost experts to develop internationally recognized standards for almost anything you can think of, including electronic signatures. Complying with these standards gives users confidence that the solutions they are using meet certain criteria for safety, reliability, security, and quality.

Not only do ISO standards spell out exactly what companies need to do to meet them, companies must document their processes and procedures to show they are in compliance. Think of them like restaurant ratings on steroids.

There are two ISO standards that are especially relevant:

ISO/IEC 27001 for e-signatures

This is the world’s best-known standard for information security management systems (ISMSs). It provides guidance for establishing, implementing, maintaining and continually improving ISMSs. Companies that comply with this standard have procedures in place to manage data security risks that follow the recognized best practices and principles in the standard.

ISO/IEC 27017 for e-signatures

This standard gives guidelines for information security controls for cloud-based services, i.e., services that you access through the internet. Most electronic signature solutions today function as a software as a service (SaaS) solution you access through a web browser or API.

Complying with these standards shows a commitment to maintaining the confidentiality, integrity, and availability of customer data and providing secure and reliable e-signatures. If your provider doesn’t comply with these standards, ask them why.

Question 3: What data does your proof of evidence file contain?

Traditional pen-and-paper signatures have long relied on safeguards like witnesses and notaries public to provide proof that a signature is authentic. In the computer age, what do we rely on?

For electronic signatures, the proof of evidence file replaces these safeguards, providing a digital record of the signing process and the signed document.

Proofs of evidence that meet the burden of proof in court usually contain the following:

  • User IDs and identifying information like IP addresses
  • A log of every time the file was viewed, modified, signed, or otherwise “touched” by any user
  • Verifiable timestamps from a third-party time-stamping authority

If the proof of evidence just provides the names of the signers, the time, and the date, it might not be enough to prove authenticity before a judge. Why risk it?

Learn more about eZsign’s industry-leading proof of evidence in our dedicated proof of evidence article.

Question 4: Where and how is your data stored?

In our interconnected world, where and how data is stored is more important than ever. In fact, not knowing can pose a potential security risk. Look no further than attempts by governments around the world to limit the use of certain social media apps that store user data in places with laxer privacy laws than North America or the EU.

Since your sensitive data can be stored virtually anywhere, you should ask your electronic signature provider where their servers are located. Ensuring that they are on Canadian soil will give you an extra layer of confidence and peace of mind that they comply with Canada’s laws and will be easier to access if needed.

Opt for Canada’s best e-signature solution: eZsign

Now that you’ve asked your e-signature provider these questions, you might be interested in our answers:

Q: What assurance level does your e-signature solution have?
A: eZsign is an assurance level 4 provider that ensures very high confidence that an individual is who they claim to be when signing a document electronically

Q: What ISO standards does your e-signature solution comply with?
A: eZsign complies with both ISO/IEC 27001 and ISO/IEC 27017.

Q: What data does your proof of evidence file contain?
A: eZsign’s proof of evidence file contains a thorough log of all user activity, including log ins, document views, any document modifications both before and after signing, as well as actual signing, with clear identifying information for all users and time stamps provided by an independent, third-party time stamping authority.

Q: Where and how is your data stored?
A: All eZsign data is securely stored on servers on Canadian soil. Learn more about our physical and virtual infrastructure.

 Ready to give eZsign a try?

Book a discovery call to learn how eZsign will help your organization.

Share   |