Skip to main
University-wide Navigation

Q-1-6 Electronic Signatures

I. Purpose
  1. To provide guidance to University of Kentucky (UK) departments and employees on the implementation and use of an electronic signature process authorizing official transactions as permitted by Administrative Regulation 10:5. This includes how to:
    1. determine what forms are appropriate for electronic signatures;
    2. gauge the level of security needed;
    3. determine which methodology or technology to use;
    4. obtain approval to use electronic signatures; and
    5. responsibly use electronic signatures. 
II. Definitions
  • Authentication: the process of securely verifying the identity of an individual prior to allowing access to an electronic UK service.
  • Authorization: verification that an authenticated user has permission to access specific electronic UK services and/or perform certain operations.
  • Electronic: relating to technology that has electrical, digital, magnetic, wireless, optical, or electromagnetic capabilities or similar capabilities.
  • Electronic Signature (e-signature): an electronic sound, symbol or process that is attached to or logically associated with a record and that is executed or adopted with the intent to sign the record.
  • Information: data, text, images, sounds, codes, computer programs, software, databases or similar items.
  • Transaction: an action or set of actions occurring between two (2) or more persons relating to the conduct of business, commercial, or governmental affairs.
  • Unit: the UK unit conducting business by means of an e-signature; such as a college, department, auxiliary, or administrative division.
III. Responsibilities
  1. UK ITS Cybersecurity Team 
    1. Provide assistance to departments in the development or selection of the technology to be used for an electronic signature.
  2. Unit Data Custodian (as defined in AR 10:3.II.D)
    1. Assist unit personnel with the development of the e-forms.
    2. Determine the level of security to be used for those forms, based on the recommendations in section IV. B below.
    3. Determine the technology to be used for e-signature methodology, also based on recommendations in section IV. C below.
    4. Review and give final approval to all e-forms used exclusively within the department that do not require a heightened level of security.
    5. Review and approve inter-departmental e-forms then forward to the Area Fiscal Officer.
    6. Initiate the required biennial review process.
  3. Area Fiscal Officer
    1. Review and approve inter-departmental e-forms.
    2. Submit e-forms to the Executive Vice President for Finance and Administration for final approval.
  4. Employees
    1. Users must keep their unique authorization information secure and secret.
    2. The use of unique identifiers (e.g., passwords, PINs, etc.) must not be shared in order to protect the integrity of electronic authorization and authentication. 
IV. Policy
  1. UK considers electronic forms or e-forms to include:
    1. Any electronic process that requires authorization for its transaction to be initiated;
    2. Any electronic document that requires authorization for its intended transaction to be initiated; or
    3. Any electronic transaction that would otherwise require a handwritten signature for its intended action to be initiated. 
  2. The e-signatures process must be secure:
    1. Acceptable level of security:
      Standard username and password protected authorization, as well as a second method of authorization such as, but not limited to:
      1. Single use password device
      2. Physical security token (e.g., thumb drive with embedded digital certificate)
      3. Two-party security token submission
  3. Methodologies to be used:
    1. Preferred technologies to be used in either level of security are:
      1. ERP Automated Workflow
      2. Adobe Secure Sign
      3. UK Active Directory Authentication 
  4. Other technologies that may be conditionally used in heightened level of security are:
    1. Public Key Infrastructure
    2. Proprietary technology
    3. Other (with approval given by Information Technology Services)
    4. Certain technologies will require proof of appropriate audit trail
V. Procedures
  1. Electronic Signature Approval Process:
  2. Any proposal for the implementation of an electronic signature must include:
    1. What the signature would be authorizing
    2. A rational for the level of security requested
    3. Detail of the methodology/technology used for the signature
    4. Potential risks and costs associated with implementation
  3. For proposed electronic signatures intended for use in inter-departmental forms, or for electronic signature requiring a heightened level of security:
    1. The Unit’s Data Custodian must submit the proposal for electronic signatures to the relevant AFO for initial review.
    2. If the AFO is then initially satisfied with the electronic signature security level, purpose, costs, and methodology, he or she will present it to the Executive Vice President for Finance and Administration (EVPFA) office for final approval.
  4. For proposed electronic signatures intended for intra-departmental forms, and do not require a heightened level of security:
    The Unit’s Data Custodian can give final approval for use if he or she is satisfied with the proposed signature’s security level, purpose, cost, and methodology.
  5. Units must initiate a review and re-approval process on a biennial basis, following the original procedure laid out above. 
Revision Date

Filter BPM