Get Instant Access
to This Blueprint

Data Business Intelligence icon

Adopting e-Signature

A step in your digital transformation.

  • Understanding and adhering to the right laws, e.g. when to use digital signature.
  • Optimizing document processing workflows.
  • Changing the culture from email and paper processing.

Our Advice

Critical Insight

  • E-signature can be an important entry point and model for modernizing your record or contract management operations, touching all hallmarks: automated workflows, governance controls within business units, and engagement by security and compliance teams.
  • E-signature is green, replacing paper-based processes and all their supporting energy-dependent activities such as physical document storage and delivery.
  • E-signature is more secure than paper-based forms of authentication, but participants should be educated about using it securely and should have the option to use an alternative.

Impact and Result

  • Create a detailed plan to ensure you’re positioned to adopt e-signature solutions with optimized processes and policies in place.
  • Ask the right questions to make sure you’re getting the solution you need, for example: Do you need an enterprise solution or feature? Does the solution provide multiple signatures on one document? Does it comply with GDPR?
  • Engage the right subject matter experts to define policies and implement them to adhere to applicable e-signature laws.

Adopting e-Signature Research & Tools

1. Adopting e-Signature Deck – A step-by-step document that walks you through how to properly plan for and implement an electronic signature solution.

Understand the resources and decisions required to introduce electronic signature (e-signature) to authenticate business transactions in a paperless and secure way.

This phased document acts as an introduction to the essential concepts in e-signature process, including laws, technology, security, and change to the digital culture. It includes a set of checklists, references, and worksheets to plan e-signature solution.

Adopting e-Signature – Phases 1-3

2. e-Signature Detailed Requirements Worksheet – A comprehensive checklist of features to refer to in the planning and selection of an e-signature solution.

Use this spreadsheet tool to assess the importance of each option in a detailed list of product features and the availability or performance of vendor products.

It's important to understand what solutions are possible, from adding on an e-signature feature, to an existing tool suite, to an enterprise-wide solution.

e-Signature Detailed Requirements Worksheet

3. e-Signature Policy Sample – An example of an e-signature policy to download and edit as part of the core guidelines for users and stakeholders.

Use this sample policy document to provide clear and formal guidelines to users, stakeholders, and technology support, including governance, responsibilities, purpose, and appropriate use of e-signature services.

e-Signature Policy Sample

Adopting e-Signature A Step in Your Digital Transformation

Insight summary

“E-signature, like other initiatives in the digital transformation, cuts across the organization – it’s deployed across functional teams. Make sure there are clear goals and accountabilities, as well as cross-functional representation.” –Vivek Mehta, Info-Tech Research Group

Overarching insight

With the shift to remote and flexible workforces, many organizations rushed to adopt digital ways of doing business such as e-signature. There are many important decisions to make when setting up an e-signature service for your team. Electronic and digital signatures touch many things and functional areas. By strategically thinking through these questions – both technical and legal – you’ll avoid confusion for users and risk for your organization.

Phase 1 insight

E-signature laws are not prescriptive – they don’t tell you exactly which documents need e-signature and which ones need digital signature or “wet” signature. With the input of business leads, IT, and legal counsel, organizations need to classify critical records and apply rules and processes for how they will be handled.

Phase 2 insight

Moving contracts around in an e-signature workflow means you need to think beyond the e-signature service to your overall records management practice. Where are the signed documents living and coming from? Are they tagged so that audits and workflows can find them?

Phase 3 insight

Consider the user experience when making decisions about e-signature solutions. While some solutions may have appealing up-front costs, they may complicate the experience for signers and end up slowing down business rather than enhancing it.

Tactical insight

Use some tactical small e-signature use cases to begin a strategic path to digital transformation, starting with working with an upcoming transformation project and incorporating a workflow and its documents as part of the changes.

“Across the board, businesses are going digital. They’re transforming customer-facing transactions and the customer experience as a whole by shifting away from paper and toward the adoption of electronic signatures across the enterprise.”

Source: Onespan, 2018.

Executive Summary

Your Challenge

Organizations are expected to offer digital, self-serve experiences. And that includes approving and signing important business contracts. The more quickly and securely you turn around contracts, the more you can build customer trust and more quickly recover revenue. Challenges:

  • Understanding and adhering to the right laws, e.g. when to use digital signature? Which products comply with GDPR?
  • Optimizing contract processing workflows.
  • Changing the culture from email and paper processing.

Common Obstacles

  • Understanding which e-signature regulations apply for certain transactions and instruments, i.e. which ones require physical signatures, digital signatures.
  • Helping users transition from paper or email forms of contract exchange to digital ones.
  • Ensuring your organization has the right solution for their cross-functional needs, e.g. do you need an enterprise e-signature solution or a business solution suite that happens to have e-signature with it?

Info-Tech’s Approach

We interviewed solution providers, legal experts, and digital transformation thought leaders to develop:

  • A detailed plan to ensure you’re positioned to adopt e-signature technology, for example, by having an optimized process and policies in place for the e-signature service.
  • A set of important questions to ask to make sure you’re getting the solution you need, for example, does the signer/partner also need a software license to sign?
  • A guide to the difference between e-signature levels of security, when to use them, and what’s involved.

Info-Tech Insight

E-signature can be an important entry point for modernizing your operations into a digital, self-serve organization. It touches all the hallmarks of a transformed business: automated workflows, governance controls within business units, and engagement by security and compliance teams.

What is e-signature?

E-signature is a catch-all term for paperless ways of signing documents

Digital signature is a special type of e-signature

Electronic signature or e-signature is a generic term for any paperless method used to authorize or approve documents which indicates that a person adopts or agrees to the meaning or content of the document. An electronic identifier, created by computer, attached or affixed to or logically associated with an electronic record, executed or adopted by a person with the intention of using it to have the same force and effect as the use of a manual record. There are special types of e-signatures based on security controls and technology, e.g. digital signatures are the most secure type of e-signature.

Source: NIST, June 2017.

Information lifecycle management

Information lifecycle management should be a comprehensive approach for managing information from creation to disposition. Your information management practice – including records management and supporting capabilities such as workflow and audit trails – are the foundation for e-signature. Where will your contracts come from? Where will the documents and audit trail live – in the e-signature document cloud or your own system?

The image contains a screenshot of Info-Tech's Information Lifecycle Model. The model includes four stages. The first stage is Generate, and it encompasses ideate and create. The second stage is Capture, and encompasses Ingest, index, and store. The third stage is Deliver and Utilize, it includes Retrieve, Update, and Publish. The fourth stage is Manage and Retire, and it includes Retain, Archive, and Destroy.

Although not all steps in the lifecycle are as urgent as others, it is important to understand how your information moves through the various stages. For example, when considering compliance requirements, how the information is managed and retired is of the utmost importance.

"Ingestion is arguably the most complex part of the information lifecycle. This is where most of your time will be spent. Once it is correctly indexed, the rest of the lifecycle should fall into place."

– Naveen Kumar, VP Consulting Services, Info-Tech Research Group

Refer to Info-Tech’s Embrace Information Lifecycle Management in Your ECM Program

Records

Records are a special type of content and require specific capabilities and a records management practice.

Includes paper, email, video conference recordings, attachments.

Records:

  • Any information created or received by an organization to conduct its daily activities.
  • There is a need for the record to be created to fulfill the organization’s business.
  • It must be recorded.
  • Can be generated internally or externally.
  • It’s the content rather than the medium or format that counts.

Non-records:

  • Too often, non-records are kept as part of a records management program.
  • Keeping non-records creates extra costs in staff time for processing and storage space.
  • Examples of non-records: reference materials, publications, brochures, and magazines that are not created by the organization.

What it means for the organization:

  • Retention policy & guidelines
  • Retention schedule
  • Legal counsel involvement
  • Disposition & archive solutions
  • Records Manager role/office
  • Automated workflows
  • Audit trails
  • Records owners
  • Classification scheme
  • Index

If e-signature workflow presents records for signing, then consider where the record and its e-signature audit trail will be stored, how and if the workflow will integrate with the records repository, and how the records management practice will ensure compliance.

Definition of “Record”:

"“Any recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business.” "

Examples of records:

  • Payroll data
  • Health records
  • Contracts, e.g. Purchase, Lease
  • Policies & procedures
  • Income tax
  • Insurance policy information
  • Meeting minutes
  • Bids
  • Patents
  • Consent forms
  • Transcripts

E-signature is an initiative in the digital strategy

The digital target state is achieved through the delivery of digital initiatives and guiding principles (components 3 and 4 below) that achieve your desired outcomes. Your digital vision should be your organization’s vision:

The image contains a screenshot of the Company Digital Strategy on a Page.

The Digital Strategy on a Page consists of four components:

1. Digital vision

A high-level statement of what the organization aspires to be – its purpose and vision for the target state of digital transformation.

2. Digital investment thesis

A statement of purpose that guides investment decisions pertaining to digital transformation.

3. Digital guiding principles

High-level, directional statements about the objectives of the IT organization.

4. Digital initiatives

Depicts the in-flight digital initiatives, their owners, and a brief description of their benefits.

E-signature is a cross-functional process that validates a contract

An important part of digitizing a business operation is validating or approving contracts and transactions. Once you automate a process – part of the digital transformation of your business – you may need to build in authentication or validation points into the process flow. E-signature is one formal, legally binding way to approve and validate an agreement. There are other less formal ways to check and move documents in the workflow, such as having a record owner toggle the status of a file to advance it to archive or to publishing.

The image contains a diagram to demonstrate how e-signature is a cross-functional process. The first diagram has business lines or agencies. There are change iniatives throughout the diagram, where several ongoing change initiatives in siloes. These initiatives include shared functions like Legal, Compliance, and Finance. The second diagram demonstrates Cross-functional programs dedicated to redesigning existing or developing new customer journeys. One or two customer journeys as standalone, one off projects.
The image contains a screenshot of the Thought model E-Signature: A Key part of digital strategy. There are six steps highlighted in the thought model: Retrieve, Decide, Automate, Email, Sign, and Retain.

E-signing step by step

What happens when you receive an email request to sign a document electronically?

  1. Signer receives an email invitation to sign a document, with a link to the document.
  2. Signer’s identity is authenticated at the time the document is received, via email, login credentials, security questions, third-party identity check, or SMS PIN.
  3. Signer is presented with the document to sign, accessible on their mobile device or desktop. Workflow rules determine who the documents go to and what they can do.
  4. Capture signature data, the document, and audit trail metadata (e.g. time stamp).
  5. Signer’s identity is authenticated at the time of signing. Optional depending on the rules and assurance level.
  6. Signer electronically signs the document, using click to sign, click to initial, or a hand-drawn signature.
  7. Signer may add data from other supporting documents, e.g. driver’s license.
  8. Signed document is delivered electronically or by paper.
Source: OneSpan, 2017.

E-signature: How it works

Sender retrieves contract from Records storage

Use e-signature workflow to send email invitation to signer and provide link to contract

Which security level applies? E-signature, digital signature, physical/”wet” signature

Signer follows link & applies signature & returns contract

E-signature workflow notifies sender of completed signature

Save contract, signature data, audit trail

Some e-signature services also provide a “home’ to upload and store records.

Know where your data and contracts are kept. Does your jurisdiction require that data be kept in-country?

Define the workflow steps, signers, and rules.
Ensure there is a policy and a means to audit adherence.

Business unit leads should be engaged to decide policies, practices, and solutions (i.e. governance).

Different e-signature laws apply in different states, countries, and industries.

They also differ by instrument type, e.g. mortgage, patent, income tax.

Consult legal counsel and security.

Signer authenticates identity using email, login credentials, or PIN.

E-signature is usually required for mobile devices.

For digital signatures, the signer is asked to provide a key as extra assurance that the signer is who they say they are and that the document has not been altered.

There could be more than one signer and signature on a contract.

Not all e-signature services accommodate multiple signers.

Do you need e-signature service or feature?

E-forms software with e-signature feature

E-signature service

E-signature feature in existing software

Key product points
  • Form builder with workflow and e-signature add-ons
  • Automated workflows
  • E-signature and digital signature
  • All-in-one easy to set up and use
  • Examples: Formstack, SimpliGov
  • Primarily e-signature and digital signature service, with workflow, notifications, and reporting/audits.
  • Enterprise solution for multiple departments & document types.
  • Comes loaded with features and support.
  • Examples: DocuSign, Adobe.
  • You may already have e-signature as part of your software, e.g. Microsoft, ServiceNow.

Pros & cons

  • E-signature is for use in these specific forms, not for other documents.
  • Automated workflows with e-signature feature built in mean one inclusive setup.
  • Robust e-signature option but scales up to handle all enterprise documents and workflows.
  • Can apply e-signature solution to other services, especially where there is a strategic partnership.
  • Easily integrated with a service you’re using already.
  • Not an enterprise e-signature service, tend to apply only to the products in that platform.

Security

Are e-signatures secure?

Different levels of security for electronic signatures

Electronic signatures are secure and legal

  • E-signatures are more secure from fraudulent use than physical (“wet”) signatures
  • Different transactions and jurisdictions require different levels of security, e.g. digital vs. e-signature.

E-signature security assurances:

  • Access to the document, e.g. email sign-in, access code, security questions, or SMS text message passcode.
  • Audit trail in a separate record describes all events and users in the workflow.
  • Platform security, safeguards on the data and processes in the systems.

Digital signature security assurances:

  • Data encryption in transit and at rest.
  • PKI (keys).
  • Certification (by a third party).
Source: Government of Canada, 2019.

Levels of assurance for e-signature

User authentication

E-signature services provide a range of options to verify the identity of signers before giving them access to the documents, including email, PIN code, and security questions. You may also be able to integrate the e-signature service with other third-party authentication services.

The assurance level required for an e-signature dictates the assurance level required for user authentication.

Memorized secret token

Preregistered knowledge token

Look-up secret token

Out-of-band token

Single factor OTP device

Single-factor cryptographic device

Multifactor software cryptographic token

Multifactor OTP device

Multifactor cryptographic device

Assurance Level 1

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Assurance Level 2

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Assurance Level 3

No

No

No

No

No

No

No

Yes

Yes

Assurance Level 4

No

No

No

No

No

No

No

No

Yes

Source: Government of Canada, 2019.

Digital signatures

How do digital signatures work?

The image contains two diagrams. The one on the left includes a diagram on the steps involved on signing a digital signature. The diagram on the right includes a diagram on verification on digital signatures.

Source: OneSpan, 2017.

Measure the success of your e-signature program

Customer experience: Measure the effectiveness of customer experience with sentiment, retention rate, return.

Time: Use e-signature and automated workflows to significantly reduce the turnaround time on completing contracts and the cycle time to recover revenue.

Digital transition: Track the number of users adopting e-signature and digital processing. How many manual and paper-based business processes have transitioned to e-signature? How many transitions from legacy systems and legacy system retirements?

Financial: Track administrative time to follow up on outstanding signatures. Track paper usage and storage space following the transition to digital workflows and e-signature, mailing.

Compliance: Track your organization’s adherence to standards and guidelines by business area.

Green business practices: Track reduced use of paper, delivery (fuel, vehicles), landfill.

Benefits of e-signature

Quantitative

Cost of handling paper

Other costs of using paper

Paper purchase, scanning, printing, disposal costs per year

Paper purchase $1,800

Printing/copy $7,200

Delivery
(mail, courier) $45,600

Scanning $58,800

Storage $24,000

Disposal $720

Total paper cost$138,120

Lost time: Signing paper takes significantly longer than signing electronically.

With e-signature, can sign multiple pages of a document at once.

Compliance and fraud costs: Paper can be lost or destroyed. Paper documents can be edited after signature.

Lost opportunity costs: Time spent chasing paper contracts could be directed to other business activities.

Document retrieval costs: Finding the right documents can take up to 25% of an employee’s day, amounting to tens of thousands of dollars per employee per year.

  • Assume each document has 10 pages, there are 3 copies (3 signatories) per document, and 10,000 documents per year.
  • US companies print 1.5 trillion pages per year.
  • Beyond the tangible costs of using paper-based signatures are the hidden costs that are harder to quantify, but the time and stress involved in manual processes (vs. automated) and physical handling (vs. digital) are real.
Source: DocuSign, 2020.

Benefits of e-signature

Qualitative

Feedback from employees

Industry findings

Impacts on employee work

Impacts on customer experience

  • The biggest benefit of electronic signatures is that they’re simple and easy to use. If you can open a link and click a button, you can use electronic signatures.
  • Electronic signatures are safer and more secure than traditional paper documents. Not only do they contain a signature, but they contain traceable information about who signed the document, when they signed it, and where they signed it.
  • The convenience of electronic signatures means there’s a much faster turnaround.
  • Electronic signatures are more cost-effective than the traditional pen-and-paper method. Not only do you save on paper, but you also save on postage, mailing supplies, and time. Over the years, these add up.
  • Companies who adopt eco-friendly business practices are favored over their competitors.

Phase 1

Discovery

E-signature use cases

E-signature workflows

E-signature laws

Model

E-signature roles

Governance and oversight

E-signature policy

Solution

Requirements

E-signature software review

Communications planning

Laws are a good place to start, but they do not provide answers to all detailed questions about adopting e-signature within your own organization. Consult your legal and IT security teams to make decisions about how to implement e-signature. Use cases will be valuable in understanding what activities are important and can benefit from e-signature services. Analyze your organization’s personas to see if they are ready for automation or require some coaching and an intuitive solution.

Background

The lack of e-signatures can become a show-stopper. The electronic signature solution is crucial for financial institutions.

Right-size solution for the use case

  • Multiple use cases with different risk levels, volumes, and complexity.
  • Identify opportunities for cost-effective contracts with e-signature vendors, economies of scale. Who really requires a license?
  • It makes sense to adopt more than one solution, if it makes sense for the use cases. However, there should be a catalog of acceptable (standard) products that integrate with the current systems and control “runaway” one-off solutions.

Key stats:

Division

Number of employees

Volume of documents

Document types

Corporate

200

3,000

Sales contracts

HR

50

1,000

Employee onboarding

Tax, NDAs

Invoices, Forms

TOTAL

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Author

Andrea Malick

Contributors

  • Anthony Costa, Research Analyst, Info-Tech Research Group
  • David Glaser, Principal Researcher and Advisor, CIO/Digital Strategy, Info-Tech Research Group
  • Ryan Huggett, General Counsel, Info-Tech Research Group
  • Vivek Mehta, CIO/Digital Transformation Research and Advisory Director, Info-Tech Research Group
  • Andy Neill, Chief Enterprise Architect and AVP Data & Business Intelligence, Info-Tech Research Group
  • Three anonymous contributors

Related Content: Enterprise Content Management

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy