BACKGROUND Federal and state law recognizes that an electronic signature has legal effect and is enforceable. To increase the efficiency of transactions that require approval or authorization by signature, the University supports the use of electronic signatures, so long as their use meets legal and security requirements. SCOPE This policy governs all uses of electronic signatures when conducting business on behalf of the University, including all business units and affiliated foundations. This policy applies to all employees and students. DEFINITIONS For purposes of this policy, the following definitions apply: Authentication: the assurance that an electronic signature is that of the individual purporting to sign a record or otherwise approving an electronic transaction. Electronic Signature: a computer data compilation of any symbol or sound or a series of symbols or sounds attached to or logically associated with a record and executed and adopted by an individual with the intent to affix a signature to approve the record. Record: a record created, generated, sent, communicated, received, or stored and signed or approved by electronic means. Signature Authority: permission given or delegated to an individual to sign a record (electronically or by hand), access specific University services, and/or perform certain University operations, including executing agreements that bind the University. POLICY STATEMENT Electronic signatures may be used to conduct University business as provided for by this policy. Electronic signatures may not be used when an applicable law, regulation, or University policy or process specifically requires a handwritten signature. General The University supports and may require the use of electronic signatures when conducting University business. The University may, at its discretion, elect to opt out of conducting business electronically with any party or in any transaction, for any reason or no reason. The University accepts an electronic signature in place of a handwritten signature in University transactions when a signature is required, except: - in instances in which the other contracting party will not accept an electronic signature; or
- where applicable law, regulation, or University policy or process requires a handwritten signature or otherwise does not allow an electronic signature.
To determine if electronic signatures are used in an internal workflow/approval process, contact the applicable systems administrator. Validity To the fullest extent permitted by law, the University accepts electronic signatures as legally binding. An electronic signature is not valid if: - applicable law, regulation, or University policy or process requires a handwritten signature; or
- the individual does not have signature authority to sign the record to approve the transaction.
Authentication All electronic signatures must employ a University-approved authentication method at the time of signature. The presence of an electronic signature does not mean that the signatory was authorized to sign or approve on behalf of the University. Appropriate procedures must be used to confirm that the person signing the record has the appropriate authority. The Senior Vice President for Finance and Administration is responsible for approving electronic signature authentication methods. Approved systems of record for electronic signature can be located on the UAB Information Technology website. No other methods may be used without express authorization of the Senior Vice President for Finance and Administration. Retention Electronic signatures and the associated data to validate the electronic signature are an integral part of the record. Electronically signed documents must follow the same record retention as those using handwritten signatures. The signature and means to verify it need to be maintained for the full records life cycle. For more information, see UAB’s Records Retention Policy. Responsibilities All individuals with signature authority are responsible for activities conducted under their user ID and are expected to take all precautions to safeguard their password and files to prevent inappropriate use. Sharing of passwords or other access tokens is prohibited. It is a violation of this policy -
for an individual to affix a signature of another individual, unless he or she has been granted specific, written authority by that individual; or -
to falsify an electronic signature. Individuals are expected to report any actual or suspected fraudulent activities related to electronic signatures immediately to any manager or supervisor in the appropriate department, school/college, or other applicable unit or through other appropriate channel such as the UAB Ethics Hotline. NON-COMPLIANCE Confirmed violations of this policy will result in consequences commensurate with the offense, up to and including termination of employment, appointment, student status, or other relationships with UAB. Individuals may also be subject to criminal prosecution under applicable federal and state laws. IMPLEMENTATION
The Office of the Senior Vice President for Finance and Administration is responsible for the implementation of this policy, including developing and providing training to the University community prior to their authorized use of electronic signatures. Related Resources |