506: Use of Electronic Signatures and Records

Revised: January 2016

Purpose

This policy establishes guidelines for the use of electronic signatures, approvals, and records in official activities of the University of Nevada, Reno.

References

Nevada Revised Statute 790.090 "Electronic Record"
Nevada Revised Statute Chapter 720 - Digital Signatures

Definitions

• Approval authority - for purposes of this guideline, shall mean the dean or vice president of the department who has the ultimate responsibility over the business process. For example; a process resulting in a financial transaction would be approved by the Vice President of Administration and Finance for the University or a process resulting in a grant transaction would be approved by the Vice President of Research and Innovation.
• Approved electronic signature method - is one that has been approved in accordance with this guideline and applicable state and federal laws, and which specifies the form of the electronic signature, the systems and procedures used with the electronic signature, and the significance of the use of the electronic signature.
• Business Process Owner - is the department responsible for the process in which an electronic signature or record resides and responsible for maintaining process documentation.
• Electronic - relates to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
• Electronic record - is defined as any record created, generated, communicated, sent, received, or stored by electronic means.
• Electronic signature or approval - is defined as an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record and creates an electronic record.
• Record - is information that is inscribed in a tangible medium or that is stored in an electronic or other medium and is retrievable in recognizable form.
• Transaction - is an action or set of actions relating to the conduct of business, consumer, or commercial affairs between two or more persons.

Guidelines

1. Scope:

a. This guideline applies to all members of the University of Nevada, Reno community, and applies to all forms of electronic signatures/approvals and electronic records used to conduct the official business of the University of Nevada, Reno.
b. Such business shall include, but not be limited to electronic communications, transactions, procurements, contracts, grant applications, personnel documents, and other official purposes.

2. Use of Electronic Signature:

a. Mutual agreement by the parties**

i. This guideline applies only to transactions between parties each of which has agreed to conduct transactions by electronic means.
ii. Whether the parties agreed to conduct a transaction by electronic means is determined from the context and surrounding circumstances, including the parties' conduct.

b. Electronic record must be capable of retention

i. If parties have agreed to conduct a transaction by electronic means and a law requires a person to provide, send, or deliver a signed document to another person, the requirement is satisfied if the information is provided, sent, or delivered, in an electronic record capable of retention by the recipient at the time of receipt.

a. An electronic record is not capable of retention by the recipient if the sender or its information processing system inhibits the ability of the recipient to permanently retain the electronic record containing the signature.

c. Signature requires confirmation of signor

i. The signing of a record using an approved electronic signature is not considered complete unless the record has been signed by a person authorized to sign or approve that record and appropriate procedures are used to confirm that the person signing the record has the appropriate authority and intent to sign the record.

d. Signature is required by university policy or is required by law

i. When a university policy requires that a record have the signature of an authorized person or when there is a legal requirement that a record have the signature of an authorized person, that requirement is met when the electronic record has associated with it an electronic signature using an approved electronic signature method which complies with applicable university policy, Nevada law, and federal law.
ii. When a university policy requires a written signature on a document or when there is a legal requirement that requires a written signature on a document, that requirement is met when an electronic document has associated with it an electronic signature using an approved electronic signature method which complies with applicable university policy, Nevada law, and federal law.

**Except as required by law, this section does not require business process owners to provide alternatives to electronic signatures if electronic signatures are the chosen method for transacting business.

3. Approval of Electronic Signature Methods by the Approval Authority:

a. The final approval of any electronic signature method will be by the approval authority.

i. In determining whether to approve an electronic signature method, consideration will be given to the systems and procedures associated with using that electronic signature, efficiencies gained by the electronic signature and whether the use of the electronic signature is at least as reliable as the existing method being used.
ii. This determination will be made after a review of the electronic signature method by Information Technology, Office of General Counsel, or Administration and Finance as necessary.

b. An approved electronic signature method may limit the use of that method to particular electronic records, particular classes of electronic records, or particular university departments.

i. An electronic signature used outside of its defined parameters will not be considered valid by the University.

c. In the event that it is determined that a previously approved electronic signature method is no longer meets legal/policy requirements, the approval authority must revoke the approval of that electronic signature method.
d. The business process owner will be responsible for maintaining documentation on approved processes that include electronic signatures and records for audit purposes.

4. Rules and Procedures:

a. With respect to the use of electronic signatures or electronic transactions, the following requirements pertain to approved electronic methods;

i. Identify the business process and associated transactions that will be conducted by electronic means;
ii. Specify the manner and format in which electronic records must be created, generated, sent, communicated, received, and stored, and the systems established for those purposes;
iii. If a law or regulation requires that an electronic record must be signed by electronic means, the method must:

a. Specify the type of electronic signature required;
b. Specify the manner and format in which the electronic signature must be affixed to the electronic record; and
c. Specify the identity of, or criteria that must be met by, and third party used by a person filing a document to facilitate the process;

iv. Control processes and procedures must be developed and documented to ensure adequate preservation, disposition, integrity, security, confidentiality, and auditability of electronic records;
v. Control processes and procedures must be developed and documented for any other required attributes for electronic records that are specified for corresponding non-electronic records or that are reasonably necessary under the circumstances;
vi. An inventory of all approved electronic signature methods must be maintained; and
vii. Approval of an electronic signature method must be obtained as follows:

a. An analysis of the nature of a transaction or process to determine the level of protection needed and the appropriate level of risk. The analysis shall include:

(1) The full range of technological options and commercial trends where appropriate;
(2) Identifying and documenting any potential costs, quantifiable and unquantifiable, direct and indirect, in performing a cost/benefit analysis;
(3) Developing a comprehensive plan for converting a traditional process to an electronic one; and
(4) Identifying all information relevant to the process.

b. Request Business and Finance Campus Audit Division to review process to ensure it is in compliance with this policy;
c. Outline the steps of the electronic signature method so that reliability of the process can be demonstrated;
d. Submit to the approval authority;
e. Implement upon approval; and
f. Provide implemented method to the University Controller's Office.

5. Sanctions:

a. Any individual or party that makes inappropriate or illegal use of electronic signatures, transactions and/or records is subject to sanctions up to and including dismissal or suspension as specified in published university policies, Nevada and federal laws.