Digital signatures are the perfect tool for digital transformation of your organization. Open, standard digital signatures enable you to easily create truly paperless business processes. With digital signatures, your pdf's and other document types include the digital signature, there is no need to rely on a third signature company for signature verification. Your digitally signed pdf, itself, serves as your original document. Its signatures may be verified by using the free PDF Reader or other applications. Open digital signatures ensure no lock-in and full interoperability between signature applications from multiple vendors.
Crossing the Rubicon: Digital Signatures and Digital Transformation
1. ARX | 855 Folsom St. Suite 939 San Francisco, CA | (415) 839 8161 | www.arx.com | sales@arx.com
Crossing the Rubicon: Digital Signatures
and Digital Transformation
Larry Kluger
CoSign Marketing Manager, Integrations
larryk@arx.com
Ronan Lavelle
UK Country Manager
2. Digital signatures are already in use in your industry and many
others. You will use digital signatures, the only question is when.
Digital signatures use open, international and national (UK)
standard technology.
Open digital signatures for digital transformation.
(CoSign)
3 Things to Remember
3. Legal & regulatory
framework
• EU Directive on a Framework for Electronic Signatures
(99/93/EC)
• UK – Electronic Communications Act 2000
• UK - Electronic Signatures Regulations 2002
• FDA CFR 21 part 11
Technology match Digital signature solution must be:
• uniquely linked to the signatory
• capable of identifying the signatory
• created using means that the signatory can maintain under
his control
• linked to the data to which it relates in such a manner that
any subsequent change of the data is detectable.
Can you use digital signatures?
Yes!
4. European Court of Human Rights, Strasbourg France
Digital transformation: workflow system in place, using SharePoint
But, still too much paper needed to be signed
Solution: CoSign Open Digital Signatures
Results:
• Meets all legal and security issues
• Full electronic archiving with no need to scan
• Over 300,000 digital signatures per year
Case Study
5. Technology and terminology were created by boffins—it can be
confusing…
Digital Signatures same as Advanced Electronic Signatures. Same as
Open Digital Signatures. Same as Open Signatures. Same as X.509
digital signature.
―Electronic signatures‖ and ―E signatures‖ refers to any computer
technique for signing. All Digital signatures are E Signatures, not
all E Signatures are Digital signatures.
Open Digital Signatures
6. Digital Signatures: open, interoperable standard confirms document
integrity, signer identity and intent. Peer-reviewed and vetted for security
and consistency by: NIST, ETSI, ISO, IETF, W3C.
Digital Signatures on one foot
+ +
Document hash code Public/
Private Key
Digital ID
Hidden part of a digital signature
Document integrity confirmed Document change detected
Visible part of a digital signature
7. Digital Signatures: open, interoperable standard confirms document
integrity, signer identity and intent.
Digital Signatures on one foot
Document integrity confirmed Document change detected
Verification by different applications
NB. It is mathematically impossible to create an undetectable change
8. The power of using open standards:
No lock-in
Interoperability: a document signed with one app can be viewed
and verified using another application
Best value: vendors focus on better features for you, not re-
inventing proven technology
Best technology: the standards and their technology are under
constant scrutiny by academics and industry. Conformance testing.
Open Digital Signatures
10. City investigates forged approval
Fraud alleged on three engineer's seals
By: Jen Skerritt 02/21/2013 1:00 AM
Whoever forged an engineer's seal of approval on three Winnipeg
properties could be charged with fraud or fined up to $20,000.
A recent report revealed the city revoked three of Hollywood Homes
Inc.'s building permits for properties on Pritchard Avenue, Bowman
Avenue and Chevrier Boulevard after officials discovered submitted
drawings were deliberately altered to indicate they were approved by
an engineer.
http://goo.gl/3nxzg
12. Digital Transformation and Digital Signatures
The Forrester Wave™: E-Signatures, April, 2013
“Enterprise architects should include e-signatures as part of an
overall ECM and BPM strategy… a foundational technology along
with records management, eDiscovery, and other content
services.”
“Dramatic savings, successful implementation, no legal
challenges”
13. Digital Transformation and Digital Signatures
Level 1: Paper scanned and tracked online. Print, sign, scan.
Slow, expensive, error-prone. And what happens to the signed
original?
Level 2a: Original documents are created on-line and digitally
signed. The digitally signed document is the original. The signed
document remains signed and verifiable when sent out of the ECM
system.
Level 2b: Form data is stored in XML format, digitally signed. This
enables signed/certified/authorized data to remain machine-
readable.
14. Documents and signatures
Need signatures on
more than half
of their documents
Add more than 1 day to
their processes just to
collect signatures
Print more than half of
their documents
just to add signatures
Source: ARX/AIIM Survey - 2013
16. Digital Transformation and Digital Signatures
Save Money with a 12 month (or faster!) ROI
Customer and Employee delight
Your digital signature project will be the most successful of your
digital transformation projects
Your competitors are already investigating open digital signatures
17. Case Study
Povisa Hospital, Vigo, Spain
Digital Transformation project (paperless hospital) based on their
existing applications
Developed their own connector using CoSign’s Signature API
Result: No more paper. Better, faster systems and processes for
staff and patients.
18. Digital signatures are already in use in your industry and many
others. You will use digital signatures, the only question is when.
Digital signatures use open, international and national (UK)
standard technology.
Open digital signatures for digital transformation.
(CoSign)
3 Things to Remember
19. What to look for in a Digital Signature solution?
Implements the open digital signature standards. Conformance
tests. Interoperates with no problems.
Low Total Cost of Ownership: automatic synchronization with
Active Directory and other directory systems. – Administering
signers should not be a burden.
Integrate with a range of document applications
Connectors (products, not specials) for ECM systems (SharePoint,
OpenText, Oracle, Alfresco, etc)
APIs enable developers to extend and integrate the signature
system with your own apps and products
20. Why CoSign?
• Freedom of choice
• Control and security
• Comprehensive compliance
• Low TCO: Cost-effective operations
21. The Forrester Wave™: E-Signatures, April, 2013
The most advanced Digital Signature Solution
“CoSign by ARX has the most advanced digital
signature capability in the field… easily integrates with
internal security and credential management along
with a strong central administration”
22. Regulated and security-minded markets, industries and governments
Dominant Market Share
Life
Sciences
Architectural,
Engineering
&
Construction
US Federal,
State and &
Local Gov’t
Finance, Legal
& Insurance
Healthcare
Payers &
Providers
Labs, Research
& Education
EU & Other
Global Gov’t
Energy &
Petrochem
24. CoSign integrates seamlessly with your existing workflows and technologies
Document authoring tools Enterprise business systems Web-enabled applications
Freedom of Choice
25. Freedom of Choice
In-app on the desktop
Embedded in your ECM solution
As part of your key business workflows
On any device
With your own applications and
products ???
CoSign® Central CoSign® Cloud
27. CoSign adapts to your requirements instead of the other way around
Procedures and policies User provisioning Authentication
(HR, security, proofing, etc.) and user-management methods
Leaves the Controls In Your Hands
28. CoSign meets the broadest diversity of regulation and compliance worldwide
Digital Signature Industry Governmental
Standards Regulations Acts & Directives
Comprehensive Compliance
ESIGN UETA
GPEA UECA
EU UK
(HIPAA)
(SOX)
30. CoSign Central (appliance)
• FIPS (140-2 level 3 certified)
• Enterprise (1U rack-mountable)
CoSign Cloud (hosted)
CoSign Web App
CoSign Connectors
• SharePoint, Nintex, K2
• OpenText, Oracle, Alfresco, Laserfiche, SAP
• Box, Google Drive
CoSign for Developers
• CoSign Signature API (SAPI)
• CoSign Signature Web Agent
CoSign Product Line
31. Centralized Turnkey Control
User Directory
(AD or LDAP)
End-Users
Securely Request
Signature Services
Signature
Privileges
Admin (onboarding
and HR policies)
FIPS 140-2
level 3 secure
appliance
CA / Certificate
Management
Key Management;
Private Key Ops
Graphical Signature
Management
Desktop Access
Web Access
Mobile Access
With a digital signature the viewer also gets a visual indication of the signature’s validity; No tampering will ever go un-detected with a digital signature.
With a digital signature the viewer also gets a visual indication of the signature’s validity; No tampering will ever go un-detected with a digital signature.
Self-contained, portable and sustainable records with embedded digital signatures which can be verified independent of technologies, timing, organizations and geographies.With a digital signature the viewer also gets a visual indication of the signature’s validity; No tampering will ever go un-detected with a digital signature.Only digital signatures create self-contained, portable and sustainable electronic records that have value and trust outside of the repository and the organization, independent of the system that created them.
GxP: Quality Management (QMS) and Electronic Document Management (EDM) for compliance and audit documentation including SOPs, work instructions, training records, and project/task specific documentation.GCP: Clinical data and Site Visit Monitoring Reports needing to be signed by CRAs and project managers. cGMP: Manufacturing Execution Systems (MES), Recipes and Electronic Batch Records (EBRS).GLP: Lab Reports, Certificates of Analysis, and Chain of Custody forms, LIMS. R&D: Electronic Lab Notebooks (ELN) and other IP/patent documentation. And other non FDA regulated enterprise operations: HR, Legal, Finance, Contracts, Agreements, Executive Management, Purchasing, AP/AR, Sales & Marketing...Transactional Document ExamplesGovernance Document ExamplesClaimsClinical DocumentationCustomer service change ordersDesigns, Drawings, PlansField Service, Maintenance, and Calibrations ReportsGeneral Contracts, Master Service, and Sub-contractor AgreementsHIPAA patient forms and consent formsInvoicesLab Reports, Notes, and Certificates of AnalysisLease AgreementsLoan AgreementsManufacturing Instructions and ReportsMedical RecordsPleadingsPurchase OrdersSale ProposalsTest ProceduresWork OrdersBoard ActionsCorporate Communications and Public ReportsDisbursements: Check, Wire Transfer Orders, and ACH TransactionsEmployee ActionsEmployee Benefit ChangesEmployee On-Boarding DocumentsEmployee Time SheetsEmployee Training AcknowledgementsExpense Reports & Re-imbursement ApprovalsFinancial Spreadsheets: Data Collection and AggregationGift RecordsJournal Entries related to Accounting and General LedgerStandard Operating Procedures, Policies, Work Instructions, and Training DocumentsTax Filings
Life Sciences and FDA Regulated IndustriesCoSign has > 90% market share in the FDA regulated industries8 of the top 10 Pharma, 7 of the top 10 CROs, 5 of the top 10 Medical Device, AEC, High-Tech and Discrete ManufacturingARX chairs the Fiatech digital seal / signature project; ~20% of the ENR 50 Design use CoSignAutomotive, consumer/office/ scientific product engineeringUS Federal and Local GovernmentFederal: US Courts, NASA, HHS, DHS, VA, DOJ, DOT, DOE, FBIUS Commodities & Futures Trading CoLocal: DOTs, Health Depts, Public Safety, Transportation, District Clerks, Cities, CountiesFinance, Insurance and Legal Services; US COURTS (federal judiciary); ACORD (insurance standard body)Banks, insurance companies and law firms around the worldHealthcare Providers and PayersProviders: Health Depts, clinics, hospitals, EMR/EHR applicationsPayers: BCBS plans, the largest US insurance company, and the ACORD standards bodyEducation, Labs & Scientific ResearchSchool boards, universities & colleges, 50+ academic / CROs100+ Central Labs use CoSign, as well as numerous GC, LC, MS, Analyzer, LIMS, ELN VendorsEU and International GovernmentExecutive, legislative, and jusidicial branches and militaryEven the European Commission - the executive body of the EU - uses CoSignEnergy, Petrochem and Process ManufacturingNational Nuclear Security Admin, Los Alamos National Labs
Unlike a proprietary electronic signature service, CoSign does not force use of fixed or rigid workflow, routing, forms or document management. Instead, CoSign is a flexible “signature engine” that easily integrates withany existing/future business process automation systems and technologies (enterprise and cloud) that you prefer for your specific applications. Any content authoring, workflow, DM, ECM, etc. application can be enabled using CoSign’s Signature API (SAPI) or Web Signature Agent (WSA) and many applications are already “CoSign Ready”
It is ARX’s philosophy that our clients and partners should (must) have the freedom to choose and control the methods, policies, procedures and technologies that best fit their organizational governance and SOPs.You should not be required to re-engineer your business or disrupt your work environments because of the narrow specifications and requirements of some outside party or vendor including ARC. CoSign adapts to your polices, procedures and complementary technologies - not the other way around.
CoSign is a standards-based digital signature solution. In the US these standards are known as FIPS PUB 186-3, FIPS PUB 180-3, and ITU-T X.509v3. These same standards are recognized, endorsed and adopted by governments, industries, and software vendors globally under NIST, ETSI, ISO, OASIS, IETF, and W3C.
User-management policy (directory/DB) drives signature-privilege management.Signature credentials (keys & certs) maintained in secure appliance.CoSign Deploys in ~3 hours.
Hence, CoSign provides Medium to High Assurance Digital Certificates for unique and individual identities.Not Rudimentary or Basic Assurance Digital Certificates - or even No Digital Certificates – used by many proprietary e-Sig SaaS services.
CoSign / Digital Signatures are NOT just an electronic replacement for Pen & Paper!
CoSign Central Appliance (ENT or FIPS) – hosted by end user organization or by ARx, installed and operational in < 2 hours.CoSign Agent + other features like MS Office Add-in and/or OmniSign distributed, users can upload graphical signatures.CoSign Agent + other features like MS Office Add-in and/or OmniSign can be loaded to virtual server (Citrix, Terminal Server).CoSign Agent can be loaded to Web Application Server and use the CoSign SAPI for server side signing (no CoSign client software required).CoSign Add-on for SharePoint can be loaded to SharePoint Application Server(s) for server side signing (no CoSign client software).
CoSign / Digital Signatures are NOT just an electronic replacement for Pen & Paper!
CoSign / Digital Signatures are NOT just an electronic replacement for Pen & Paper!
Corporate EnterprisesCoSign provides an ever-present, secure and consistent signature service for the enterprise.CoSign is installed in hundreds of organizations as a enterprise or department-wide signature service for employees.Enterprise installations: 360,000+ users (avg: 500 users per account)Software ISVs, VARsIndependent software vendors and value-added resellers can add value to your clients with CoSign integration. CoSign is supported in leading document authoring tools and formats and advanced business process automation systems.SaaS and CloudsCoSign provides private clouds and SaaS service with a robust and easy to integrate signature engine.Cosign digital signature engine installations at public and private cloud services serve millions of users
CoSign Signature Web Agent (SWA) or API (SAPI) can be used to integrate any other form, workflow, EDM/ECM or business applicationDesktop authoring tool vendors including Microsoft (Office Word & Excel, InfoPath), Adobe and other PDF suppliers, IBM (Lotus Forms), AutoCADElectronic Document Management system vendors including Microsoft (SharePoint), NextDocs, Laserfiche, IBM, Oracle, OpenText, etc.Workflows automation vendors including Microsoft (SharePoint), Nintex, and K2 (BlackPearl and BlackPoint)ERP, CRM, MES, LIMS and ELN systems
eClinical Portals: CTMS and eTMF web applications where clinical sites, IRBs, labs, CROs and sponsors participating in clinical studies can sign FDA Regulatory Packet forms, agreements and other documentation. This includes sponsor or CRO hosted private clouds and leading SaaS vendors.Patient Reimbursement Portals: Hosted web portals for patient assistance and reimbursement support. In these portals, doctors that prescribe drugs, and patients seeking financial assistance to pay for the prescriptions, can digitally sign the required documents to apply for reimbursement.Electronic Medical Records: web based, HIPAA compliant EMR services enabling staff and patients to sign various medical documentation. Contract Lifecycle Management: hosted CLM clouds for various parties to sign and counter-sign contracts and agreements.