This is a frequently asked question I get a lot about SharePoint.
So here are some questions and answers:
Q. What are Electronic Signatures?
Electronic signatures take the concept of traditional paper-based signing and turn it into an electronic “fingerprint.” Of an individual.
Q. What is the difference between digital and electronic signatures?
There is a clear difference between electronic and digital signatures, though these terms are often used interchangeably: Digital signatures (sometimes referred to as Advanced or Secure Electronic Signatures) are a result of a cryptographic operation. The technology behind digital signatures is an industry standard known as Public Key Infrastructure (PKI), which guarantees data integrity and non-repudiation of transactions. The digital signature cannot be copied, tampered or altered. On the other hand, Electronic signatures are electronic images that are physically or logically attached to the signed data.
Adding a sentence “I, Bob Smith, sign this document” is good enough to be considered as an electronic signature; however, it is clear that electronic signatures are easy to forge, unlike Digital Signatures.
Out of the box, SharePoint does not provide Electronic Signatures.
On a SharePoint form, there is the Digital Signature of the Created By and Modified By field which who created and last modified the forms.
Q. Can the Created and Modified fields be altered by a user with some kind of smart code?
These fields are reserved fields and can’t be modified by the user and can’t be altered with the current SharePoint API; my team has tried. Therefore these fields on a form would be very difficult if not impossible to change programmatically.
To do this, the following needs to be done:
– The programmer would need admin access to the SharePoint database. Unlikely, but if he’s a very good friend of the administrator, so there’s possibility.
– Knowledge of where the data is stored. Pretty easy, if you know the object data model.
– Changing the back end values, which would screw things up in the SQL tables, quite quickly.
Q. Does the electronic signature seal the form contents?
Any changes made to the form data, even altering a single letter, will be tracked.
Note: The electronic signature does not prevent a document from being changed and later re-submitted. Security access does this. This would be tracked
Q. How does a user ensure the identity of the form submitter?
It’s as strong your network log in on the network. This identification is based on the fact that the user is a recognized employee in the organization.
Q. Would this stand up in court?
Q. What happens if someone logs in with another person’s ID?
Then you do have a problem. But this would be the same in any system.
As a security procedure, I would recommend when a form is submitted, the submitter is sent a confirmation email.
Q. Who else is using SharePoint for records management and compliance?
A small government agency called U.S. Department of Defense. Given this administration, they are not that small 🙂
Q Can the form be taken off line?