Example of Digital Signature Acceptance Policy

Uncategorized 2 Minutes

1.     Purpose

The purpose of this policy is to provide guidance on when digital signatures are considered accepted means of validating the identity of a signer in XXX electronic documents and correspondence, and thus a substitute for traditional “wet” signatures, within the organization.  Because communication has become primarily electronic, the goal is to reduce confusion about when a digital signature is trusted.

2.     Scope

This policy applies to all XXX employees and affiliates. This policy applies to all XXX employees, contractors, and other agents conducting XXX business with a XXX-provided digital key pair.  This policy applies only to intra-organization digitally signed documents and correspondence and not to electronic materials sent to or received from non-XXX affiliated persons or organizations.

3.     Policy

A digital signature is an acceptable substitute for a wet signature on any intra-organization document or correspondence, with the exception of those noted on the site of the Chief Financial Officer (CFO) on the organization’s intranet:  <CFO’s Office URL>

The CFO’s office will maintain an organization-wide list of the types of documents and correspondence that are not covered by this policy.

Digital signatures must apply to individuals only.  Digital signatures for roles, positions, or titles (e.g. the CFO) are not considered valid.

Responsibilities

Digital signature acceptance requires specific action on both the part of the employee signing the document or correspondence (hereafter the signer), and the employee receiving/reading the document or correspondence (hereafter the recipient).

1. Signer Responsibilities

  • Signers must obtain a signing key pair from CEO/CFO.  
  • This key pair will be generated using XXX’s Public Key Infrastructure (PKI) and the public key will be signed by the XXX’s Certificate Authority (CA),
  • Signers must sign documents and correspondence using software approved by XXX IT organization.Signers must protect their private key and keep it secret.
  • If a signer believes that the signer’s private key was stolen or otherwise compromised, the signer must contact XXX Identity Management Group immediately to have the signer’s digital key pair revoked.

2. Recipient Responsibilities

  • Recipients must read documents and correspondence using software approved by XXX IT department.
  • Recipients must verify that the signer’s public key was signed by the XXX’s Certificate Authority (CA), by viewing the details about the signed key using the software they are using to read the document or correspondence.
  • If the signer’s digital signature does not appear valid, the recipient must not trust the source of the document or correspondence.
  • If a recipient believes that a digital signature has been abused, the recipient must report the recipient’s concern to XXX Identity Management Group.

4.     Policy Compliance

4.1 Compliance Measurement

The IT team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

4.2  Exceptions

Any exception to the policy must be approved by the IT team in advance.

4.3  Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply