Ad Image

The Top Questions to Ask Your Government E-Signature Provider in the Digital World

E-Signature

E-Signature

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Sameer Hajarnis of OneSpan asks the tough questions you need to be asking of your e-signature provider, and examines why they matter.

In the last few years, e-signatures, among other digitized solutions, slowly slipped into everyday processes. They are present when onboarding, renting an apartment, drafting a contract– you name it. That being said, e-signatures have never been common at the government level.

Up until recently, the government didn’t operate the same way banks or hospitals do. In fact, they have been a little slower than commercial entities to adopt new technologies; however, budget pressure is changing that.

When you think about any type of government process – storing important records, rural development, food services, public services, etc. – they all, at one point or another, used to require paper documents and some form of handwritten signatures. The adoption of digitized workflows accelerated when in-person work halted due to the COVID-19 pandemic.

During this time, most traditional, paper-based signing processes were replaced with modernized e-signatures. Today, the government goes as far as turning to digital identity verification (ID) and remote online notarization (RON) to optimize higher-risk digital processes in the context of remote operations.

For example, in March 2020, the Michigan Department of Technology, Management, and Budget’s (DTMB) Records Management Services deployed OneSpan Sign’s e-signature solution as an interdepartmental shared service to route documents for signature. To date, over 1,000 users have been trained to use OneSpan Sign, with roughly 90 percent of basic use cases taking less than 30 minutes of training.

With this shift to digitized processes and increased use of e-signatures between agencies, security, and compliance must be top of mind. The government is set apart from other industries– their processes have a lot more oversight from numerous regulatory bodies. Government agencies also deal with the most sensitive and significant types of transactions, so it’s important that they remain secure throughout their entire lifecycle.

To find the best e-signature solution in regard to security and identity assurance capabilities, here are the top questions government organizations should ask potential vendors.

Top Questions to Ask Your Government E-Signature Provider


Are You FedRAMP Certified?

The first requirement any government agency should look for in an e-signature vendor is whether or not they are FedRAMP certified. FedRAMP basically tells you that if the vendor has this certification, they have addressed their broad-stroke security concerns. In short, they have, at the most basic level, a competent security framework approved on a standardized baseline.

E-signature vendors who operate at this level are obliged to procure solutions that are up to the FedRAMP standard. In order to become certified, the FedRAMP program requires vendors to comply with extensive security requirements that cover many diverse areas of information security, including access control, authentication, cryptography, physical security, and many more.

Vendors have to undergo a security assessment by designated third-party organizations initially upon certification and again afterward on a regular basis to maintain compliance.

Do You Support CAC/PIV?

Personal Identity Verification (PIV) credential cards are used government-wide. They’re utilized to access both Federally Controlled Facilities and information systems at the applicable security level. Additionally, Common Access Cards (CAC) are a specific subset of PIV cards used by the U.S. Department of Defense. It would only make sense that government agencies should seek an e-signature vendor that supports CACs/PIVs and other software/hardware authenticators, as they are used often in this line of work.

That said, if a vendor does not support these forms of authentication, it may disrupt government organizations’ workflows, making the process more difficult. Since e-signatures are at the heart of most business transactions, government agencies should be most concerned with how each vendor accommodates the user experience. If the vendor does support these methods, you must also consider whether the implementation is secure.

Do You Integrate with SharePoint, Salesforce, and Other Systems We Use?

Most government agencies are not focused heavily on the e-signature tool’s specific functionality, though they want to make sure the tool works in their technology stack. An e-signature vendor’s solution should be compatible with productivity tools that the organization is already using to streamline its workflow.

Seamless integrations of e-signature solutions with applications such as Salesforce and SharePoint are essential because they help to create an optimal, and intuitive user experience.

The integrations ensure signing happens smoothly, with minimum impact on the user flow or experience.

Is it Secure?

When it comes to security, government organizations need to look at the broad-stroke security measures of a solution– it’s not enough to be FedRAMP certified. The goal here is to find vendors that provide easy methods that are also secure. For example, intelligent adaptive authentication is a type of security that only adds pressure or friction when it detects it is needed in real-time. This type of security helps to preserve an optimal user experience.

There are two main indicators government agencies should be on the lookout for when choosing a secure e-signature solution: (1) control at the front end and (2) control at the back end. Control at the front end refers to authentication – this ensures only the genuine application or end-user can initiate signing requests. Control at the back end pertains to storing evidence, i.e. encrypting all data exchanged with the application. This guarantees documents cannot be tampered with, and adversaries cannot eavesdrop on sensitive content.

If an e-signature solution has these capabilities, government agencies can take it a step further by looking into other features. These features include, but are not limited to:

  • Flexibility: Often, organizations will deploy an e-signature tool to one department but will eventually expand their use across the organization.
  • Custom branding: Does the e-signature solution enable your organization to maintain its brand throughout the e-signature process?
  • Ease of use: Is the e-signature solution simple to use for all users? Is it accessible?
  • Automation and process efficiency: Does the e-signature solution integrate with your organization’s upstream and downstream systems to enable straight-through processing? Are you able to enforce business rules throughout the signing workflow? Is the solution robust enough to allow for optional processing steps such as flexible data capture, document insertion, and multiple signature options?
  • Identity assurance: Does the e-signature solution offer various authentication methods to validate known and unknown end-users?
  • End-to-end audit trail: Does your e-signature solution make it easy to access details about the transaction to prove compliance?
  • Document integrity: Does it create a digital signature for each e-signature?

Conclusion

Looking ahead, as many government organizations and constituents are becoming more accustomed to digital interactions, choosing a vendor that secures the entire agreement process, from identity verification and authentication to signature, is of the utmost importance. These e-signature solutions must have a strong foundation of security and identity assurance capabilities to operate at this level.

When the right e-signature solution is implemented – one that is secure, compliant, and FedRAMP certified – government organizations can secure and automate the workflows that matter most to their agency, ultimately creating better interactions between government and citizens.

Share This

Related Posts