Secure Digital Signatures for the advancing Digital Age

June 11, 2021

With social distancing, work from home, and a general shift towards online business as the new normal, a consequence of the global COVID-19 pandemic, most companies are now feeling pressured into moving towards paperless solutions for nearly every aspect of their business. However, this may not necessarily be a bad thing. Electronic documents can offer multiple benefits to your organisation, the most obvious of which are cost and speed. Furthermore, depending on the nature and size of your business, a Document Management System (DMS) that captures, stores, and retrieves electronic documents can drastically improve the overall efficiency of your organisation. However, a core concern for most companies trying to make the shift is ensuring these items don’t get tampered with as they move back and forth between signatories. This is why most professionally managed DMS services also incorporate electronic or digital signature support. Of the two options, the latter is often preferred due to the significant boost in security and compliance it provides through the use of PKI protocols; more on this later. Regardless, both options offer businesses significant opportunities for savings, both in terms of cost and time.

So, what are electronic and digital signatures?

Simply put, an electronic signature is a way of representing your signature on a computerised document. This can include everything from using a desktop, tablet or mobile app to capture your signature to simply typing your name into a signature box. The most common example of this is the electronic signature you use when you sign for a delivery on the courier’s digital device. In fact, electronic signatures provide the same legal standing as a handwritten signature so long as they adhere to the regulatory requirements of the respective country’s governing body. As such, they are now widely used in private affairs, legal dealings, business transactions, and even as part of official government documents.

A digital signature is, however, significantly different. It is, in fact, the cryptographic mechanism used to legally implement a signature electronically into a document, acting as a “fingerprint” of sorts for a transaction and guaranteeing the authenticity of the person signing a document. Anyone wishing to digitally sign a document will require a digital certificate unique to them alone. These certificates use a standard, universally accepted format, called Public Key Infrastructure (PKI), to provide the highest possible levels of security.

How do electronic and digital signatures work?

Electronic signatures are significantly less complex than a digital signature, in that they generally use proprietary methods for authentication. They are also, by their very nature, held independent of the document for which they are used. What we mean by this is, the details of a person placing an electronic signature are generally entered or stored independently of the signature itself and as such, if the proper measures are not taken, are open to abuse.

Digital signatures, on the other hand, utilise the aforementioned PKI protocol. This technology ensures each digital signature transaction includes a pair of keys: a private key and a public key. The private key is the signatory’s personal key, which is unique to each user and is directly linked to the signer’s government-approved ID card. It is this private key that is used to sign documents.

The public key, on the other hand, is an openly available key used to validate the signatory’s electronic signature. At face value, the entire process of signing a document using a digital signature is rather simple, quick, and extremely secure, and takes place in just five steps:

  1. The first party prepares the document to be signed inside the applicable digital document handling service software and sends it to be signed.
  2. The second party reads, verifies, and electronically signs the document.
  3. The digital signature software encrypts the document using the signatory’s private key; thereby intrinsically linking the contents of the document and the digital signature.
  4. The signed document is then sent back along with a copy of the second party’s public key, which can be used to open the contents of the document, only if there is a direct match to the signatory’s private key. In some cases, as with Oman PKI (which we cover in more detail below), an electronic ID, mobile ID or Token serves as the public key and can be used to authenticate the identity of the user.
  5. If there’s a match, the business user will be able to confirm its validity and co-sign the document.

How secure are digital and electronic signatures?

Electronic signatures are generally as secure as the proprietary method of authentication they use. In most cases, they are relatively secure so long as they adhere to the required governing protocols in place. However, because they are not based on a globally accepted uniform standard, they are intrinsically less secure than digital signatures.

Because of the very nature in which PKI technology works, the encrypted data signed by a digital signature becomes part of the digital signature itself. Any attempt to alter the data, images included, will immediately invalidate the signature. Digital signatures are, in most cases, time-stamped, and can hold logs of events, showing when each signature was applied. Advanced programs can even send out alerts if these logs are tampered with. Furthermore, the keys are always created, conducted, and saved in a secure manner, using the services of a Certificate Authority (CA) to protect their integrity. As a result, digital signatures are extremely secure.
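The signing steps listed earlier and the tamper-evidence property described above, as an added example that is not part of the original article and is not code from e-Sign or Oman PKI. It assumes ECDSA P-256 over a SHA-256 digest of the document; the function names and the sample document are constructed for illustration. The third case shows why the verifier checks against the key a Certificate Authority has bound to the signatory rather than any key that arrives with the file.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Sign signs the SHA-256 digest of doc (ECDSA P-256 is this example's choice).
func Sign(priv *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest of the received document and checks the
// signature against the public key the verifier trusts for the signatory.
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo reports verification results for an untouched document, an altered
// document, and an altered document re-signed with somebody else's key.
func Demo() (intact, altered, resigned bool, err error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	doc := []byte("Order 0001: pay 1,000 OMR")    // constructed sample
	forged := []byte("Order 0001: pay 9,000 OMR") // one character changed
	sig, err := Sign(signer, doc)
	if err != nil {
		return
	}
	otherSig, err := Sign(other, forged)
	if err != nil {
		return
	}
	pub := &signer.PublicKey // the key vouched for by the CA in a real PKI
	return Verify(pub, doc, sig), Verify(pub, forged, sig), Verify(pub, forged, otherSig), nil
}

func main() { fmt.Println(Demo()) } // true false false <nil>
```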

Digital Identity and PKI in Oman

Oman Public Key Infrastructure (PKI) is a national initiative that sets the infrastructure needed for all government entities to provide eServices in Oman. As with any PKI it is designed to raise the level of security and authenticity of electronic paperwork. To achieve this, it is directly associated with a digital certification service (called Tam) linked to the National ID or Resident Card of the authorized signatory.

The service, provided by the National Digital Certification Center (NDCC) at the Information Technology Authority (ITA), allows all Omani citizens and residents to use the government’s electronic services and transactions at a higher level of security, authenticity, integrity, and confidentiality.

Furthermore, the service is also protected by the Oman eTransaction law. This provides all users with a level of trust, given that all eTransactions carried out using an Oman PKI will be held to the same legality standards as handwritten signatures and the physical presence of the user.

With Oman PKI in place, several government services can now be carried out online through digital validation of documents, without even requiring the physical presence of the user. This will not only save time, money, and effort, but will also make several government services accessible from anywhere, at any time.

At present there are primarily two ways to get your own digital identity registered in the country – via your identity card or via your mobile SIM card. The former is available for free and only requires the ID or resident card to be activated with your personal digital identity.

Signing using your ID or resident card would require the use of a card reader and, as such, is used primarily for signing documents on desktops. In order to do so, once the reader is plugged into said desktop, you would only need to review the document, add in your personal 4-digit code to sign, save, and then send it.

For mobile signing, you would be required to first obtain or replace your existing SIM with one that supports PKI. Once activated, the process is the same: review the document on your mobile, add in your personal 4-digit code to sign, save, and send. It really is that simple.

Back to DMS

The process of adding a digital signature to a document depends on a user’s choice of software. One such system, and a rather effective one at that, is a Document Management System (DMS). At its core, a DMS is nothing more than a computer system and software to store, manage and track electronic documents. However, in practice these systems are incredibly more complex and exceptionally useful to any business, especially one looking to undergo a complete digital transformation.

DMS software makes it easy for businesses to combine both paper and digital files into a single hub. In fact, the broad range of documents supported by most DMS systems makes it easy for companies to scan existing physical documents and have their digital formats imported.

What are the benefits of a DMS system?

One thing DMS systems do well is the indexing of files. With the proper terms added to a document’s metadata, files can be found easily at any time, no matter how long back they were entered into the system.

Most DMS systems are also flexible enough to easily be integrated into various other systems in the business, such as enterprise resource planning (ERP), email systems, customer relationship management (CRM), various reporting systems, and more, importing and managing documents and metadata from each of these systems seamlessly. Furthermore, DMS systems are also capable of automating manual processes and workflows. By integrating your DMS with your ERP, for instance, you could set up the system in such a way that receiving an order can trigger a workflow in your document management system. This workflow will take the order through an approval process and on to fulfilment automatically. The same can also be done for payment systems and several other workflow processes. Even forms needing approvals can be sent for signatures automatically without needing someone to chase after them.

Better still, the centralized nature of the system allows users to share and collaborate on files and documents with colleagues, regardless of their location. Files can also be shared via links to third party users, published online, and even be password-protected, complete with an audit trail, allowing you to track who has viewed or edited the files and documents.

Just as important as ease of access is document security, which is something DMS systems excel at. They include not only complete version control but also permissions, giving you complete control over who has access to the files and tracking what changes were made when.

As a whole, the integration of a good and reputed DMS system can offer a business better document organization, improve efficiencies, drastically lower costs, and offer complete data and content security.

e-Sign by TDP

e-Sign from The Data Park is our latest Oman-based, secure e-signature and document management solution. This automated, regulatory-compliance-ready system is an end-to-end document management and signing solution that can drastically aid in the digital transformation of your business.

As expected of a DMS, the solution removes the cumbersome paper-based process of printing, signing, scanning, and sharing. It helps your business to be completely paperless and digitally agile. It allows you to manage your documents on one locally hosted central platform, allowing you to create, collaborate on, store, and track documents from anywhere, at any time, and on any device.

The system is also incredibly flexible, offering out-of-the-box integration with MS Word and SharePoint, Dropbox, Microsoft OneDrive, and Google Drive. It can also be offered as both an on-premise and a SaaS (Software as a Service) based solution. The platform is completely customizable based on your needs and requirements, and it can be molded to facilitate seamless integration with your existing ERP and MIS systems.

As the name implies, the platform also integrates a robust hybrid electronic signature solution (both electronic and digital signing). It enables you to request or sign documents remotely from any corner of the world while maintaining the legal sanctity of the transaction. The system also offers complete security, meeting all local regulations and utilizing SHA 256-bit encryption. The system also fully supports PKI protocols, and is now fully integrated within the Oman PKI infrastructure.

For added security, the entire system is hosted locally at our TIA 942 Rating 3 certified Data Centres in Oman and, as is expected of any high-end document management system, maintains complete tamper-proof digital audit trails of all documents within the system. Being hosted completely locally also means that the service provides clients with complete data sovereignty. This will help satisfy any regulations governing where data must be stored. This makes our e-Sign solution the only digital signature service in the country that is both Oman PKI integrated and locally hosted, and one that can now be used to validate both private and government sector documents.

As with all the world’s best DMS solutions, our e-Sign solution also offers robust tracking and support, complex workflow support, seamless integration with other core systems, On Demand Document retention and long-term storage, and 24×7 Support. The solution readily supports the Banking and Finance, Aviation, Law, Insurance, Life Science, Real Estate, HR, Education, Health care, and Telecom industries but can easily be customized for any other line of business or industry, should you require it. Regardless of the industry however, the solution will no doubt have a significant positive impact on your overall business efficiency and bottom lines.

So why not cut down on the paper trail and give a boost to your security and efficiency by implementing e-Sign today? You can find out more about e-Sign, as well as our other products and services, on our website www.thedatapark.com or you can reach out to us via phone on +968 2417 1111 or email us.