1104 PR.01 Electronic Signatures
This procedure supports Policy 1104 University Signature Authority. It describes the processes for requesting and using a secure, certificate-based Electronic Signature service approved by Information Technology Services (“ITS”), in accordance with Policy 1104, Section 1104.2.
This procedure does not cover the use of electronic signatures or similar mechanisms for use with non-legal, internal approvals. For information on appropriate mechanisms related to Approval Authority, refer to Procedure 1101 PR.06 Approval Authority.
Yale individuals with Signature Authority who wish to sign or execute agreements, contracts, and other legally binding documents on behalf of Yale using an Electronic Signature must only do so in accordance with the provisions of Policy 1104, Section 1104.2. Only the following certificate-based service is approved for use:
- Adobe® Acrobat™ Professional XI using GlobalSign® Trusted Digital Signatures (or latest version/service approved by the Office of General Counsel (“OGC”))
This application provides robust authentication and integrity for Electronic Signatures, as well as the capability for properly designated University officials to verify and validate the Electronic Signatures.
To request an approved Electronic Signature, the individual with Signature Authority (or designee) contacts the ITS Help Desk at 203-432-9000 and requests a GlobalSign electronic signing certificate for creating legal signatures. The ITS Help Desk forwards the request to Data Center Operations (“DCO”). DCO confirms that the individual for whom the request is sent (i.e., the “Requestor”) has Signature Authority (i.e., is listed in the Signature Authority Tool) and takes one of the following actions:
- Requestor does not have Signature Authority: DCO refers the Requestor’s name to OGC for review. OGC advises whether the Requestor has Signature Authority (e.g., Signature Authority has been formally granted but not yet reflected in the Signature Authority Tool). If, per OGC, the Requestor does not have Signature Authority, DCO denies the request for the creation of an Electronic Signature by responding accordingly to the emailed request. If, per OGC, the Requestor does have Signature Authority, DCO proceeds per the following paragraph.
- Requestor has Signature Authority: DCO approves the request and responds accordingly to the emailed request. DCO generates the electronic signing certificate and provides it to an appropriate desktop support provider (“DSP”). The DSP is then dispatched to install the electronic signing certificate on the Requestor’s device. Note: in order for the electronic signing certificate to work properly, the Requestor’s device needs to be a Mac or Windows device with an open USB port, Adobe Acrobat installed, and an active internet connection. The service does not work on most tablets and cellphones, nor does it work when connecting via RDP (Remote Desktop).
A. Specific Alternate Electronic Signature Circumstances and Services
Yale individuals with Signature Authority may use only the Electronic Signature service detailed above unless one of the following applies:
- the alternate Electronic Signature service is vetted and approved for use by the Information Security Office (email@example.com) and OGC (203-432-4949); or
- the other party to the contract has requested that Yale use an alternate Electronic Signature service to sign the contract and OGC (203-432-4949) has reviewed and approved both the contract and the use of this alternative Electronic Signature service.
Once an approved Electronic Signature has been obtained, use it to sign or execute agreements, contracts, and other legally binding documents on behalf of Yale. If assistance is needed, the ITS Help Desk(ITS Help Desk at 203-432-9000) can provide current and detailed instructions on using the tool. The following points are useful guidelines when using an Electronic Signature:
- Before signing a document, confirm that you have the appropriate Signature Authority to sign the specific document (see Signature Authority Tool).
- Whenever possible, open the document to be signed as a PDF in Adobe Acrobat. If you received a soft-copy (i.e., electronic) document in another format (e.g., Microsoft Word), convert it to a PDF file before opening. If you received a hard-copy printed document, scan it to a PDF file before signing.
- If the document you received is locked, you may need to obtain a password from the previous signer. In the alternative, you may print the document and affix your handwritten signature.
- If you are the only signer of the PDF file, you should lock the document so that it cannot be changed after you have affixed your Electronic Signature. You will need to set a password to prevent others from editing the document. If you are not the only signer, do not lock the document.