Integrated CSU Administrative Manual

CSU POLICY

Section:  INFORMATION SECURITY POLICY

Section 8000 Policies

Policy Number:  8100.0

Policy Title: Electronic and Digital Signatures

Policy Effective Date: April 1, 2011

Last Revision Date: December 5, 2012
(see revision history)

POLICY OBJECTIVE

It is the policy of the CSU to permit the use of electronic or digital signatures in lieu of handwritten signatures. Usage of electronic or digital signatures is at the option of an individual campus or the Chancellorís Office provided they conform to the terms set forth in this policy.

This policy does not pertain to facsimile signatures printed on checks issued by the CSU.


POLICY STATEMENT

100 Electronic Signatures

An electronic signature is an electronic sound (e.g., audio files of a person's voice), symbol (e.g., a graphic representation of a person in JPEG file), or process (e.g., a procedure that conveys assent), attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record.

200 Digital Signatures

A digital signature is a specific type of electronic signature that uses cryptographic transformation of data to provide authenticity, message integrity, and non-repudiation.
For a digital signature to be valid, it must be created by a technology accepted for use by the State of California and conform to technologies capable of creating digital signatures as set forth in California Government Code Section 16.5:

(1)     It is unique to the person using it;
(2)     It is capable of verification;
(3)     It is under the sole control of the person using it;
(4)     It is linked to data in such a manner that if the data are changed, the digital signature is invalidated;
(5)     It conforms to Title 2, Division 7, Chapter 10, of the California Code of Regulations.

300 Electronic and Digital Signature Implementation

Campuses must develop procedures to identify, evaluate, and document where electronic signatures are permitted and digital signatures are required.  Procedures should follow a risk assessment methodology defined in the Electronic and Digital Signature Standard and must be approved by the Vice President for Administration/CFO.

Campus and Chancellor’s Office standards and procedures for electronic signatures must meet CSU electronic and digital signature standards and may be used for transactions between the CSU and outside parties only when approved by the campus Vice President for Administration/CFO and when both parties have agreed to conduct transactions by digital means.

400 Acceptable Use

Simple Electronic Signatures may convey intent of an individual to sign a record and are often easier to implement.  Simple electronic signatures may be acceptable and authorized for internal campus or Chancellor’s Office uses involving low risk.

Digital Signatures may be used where simple electronic signatures are acceptable and authorized for use.  They may be permitted or required for any record or document where a signature is required by Federal law, California law, or by CSU policy unless a handwritten signature is explicitly required.  Digital signatures must be used instead of a simple electronic signature when legally required or when greater risk exists.
 
The presence of an electronic signature does not mean that a record was properly signed or that the signatory was authorized.  Campus and Chancellor’s Office procedures must identify the person by position who is authorized to sign, approve, and/or prevent unauthorized actions from being taken as a result of an electronic signature.

 

Benjamin F. Quillian
Executive Vice-Chancellor/Chief Financial Officer

Approved: December 5, 2012

APPLICABILITY AND AREAS OF RESPONSIBILITY

 

REVISION HISTORY

April 1, 2011

October 6, 2011

RESOURCES AND REFERENCE MATERIALS

Useful Guidelines:

8100.S01 CSU Electronic and Digital Signature Standards and Procedures

Related Principles:

 

Sound Business Practices:

 

Laws, State Codes, Regulations and Mandates:

  • California Government Code 16.5
  • California Civil Code 1633.1 – 1633.17
  • California Code of Regulations, Title 2, Division 7, Chapter 10, (Cal. Admin. Code tit. 2, § 22003)

COGNIZANT OFFICE(S)

CO Manager:

Mr. Mark Crase
Interim Assistant Vice Chancellor of Information Technology Services and CIO
CSU Office of the Chancellor
mcrase@calstate.edu

Subject Expert:

Mr. Mike Trullinger
Director of Identity & Access Management
CSU Office of the Chancellor
mtrullinger@calstate.edu

Mr. Javier Torner
Information Security Officer
CSU San Bernardino
jtorner@csusb.edu

Affinity Group:

Feedback/Questions/Comments