Initially approved May 26, 2020
Policy Topic: Business Function and Risk Management
Administering Office: Legal Counsel Office
Western Carolina University (WCU or University) is committed to a secure digital environment in which the university is compliant with federal, state, and local laws and policies but is also able to move with flexibility in higher education related business operations. The University recognizes that electronic signatures are a requirement in today’s higher education environment to do business and is committed to safe and secure use of electronic signatures for University business.
This policy and all related procedures apply to faculty, staff, and students of the University and any individual or entity who has or plans to enter into a business or other contractual relationship with the University and applies only to those documents and Workflows that require any form of signature. This policy does not supersede any federal or state law(s) which specifically requires a handwritten signature.
1. Contract: An agreement between two or more persons that creates an obligation to do or not do a particular thing. A contract may be titled as an agreement, a memorandum of understanding, a memorandum of agreement, a promise to pay, or may use other terminology.
2. Document: Any Contract, record, Electronic Document, form, writing, or authorization in electronic or physical format.
3. Electronic Document: Any Document created, generated, communicated, sent, received, or stored by electronic means and may or may not contain or require a signature.
4. Electronic Signature: An electronic sound, symbol, logged action, or process attached to, or logically associated with, a Document or Workflow and executed or adopted by a person with the intent to sign the Document.
5. Digital Signature: A form of Electronic Signature that contains encrypted information that is unique to the signer called a digital signing certificate. It can be easily verified and informs recipients whether the document was modified after the signer initially signed the document. Digital signatures may be used to ensure the authenticity and integrity of an e-mail message or a document.
6. Handwritten Signature: Any symbol attached to, or associated with, a Document and executed or adopted by a person with the intent to sign the Document.
7. Workflow: An electronic process that proceeds from one individual or department to another, which usually entails an action or approval at each step, and may or may not require an electronic signature.
1. To the maximum extent permitted by law, the University accepts Electronic Signatures, as defined in this policy, as legally binding and equivalent to a Handwritten Signature to signify a Contract; authorize an activity or action; or otherwise authenticate a Document. Where a law or policy does not specifically require a Handwritten Signature, a requirement for a signature is met if the Document contains an Electronic Signature.
2. The University reserves the right to designate specific university processes that are to be conducted as transactions or maintained as Electronic Documents, and that are to be fulfilled by an Electronic Signature pursuant to this policy. Some processes may require the use of a Digital Signature to provide enhanced document authenticity and integrity.
3. All security procedures and technologies shall provide authentication and integrity to the extent that is reasonable for each Electronic Signature, as determined by the Chief Information Officer. Any Electronic Signature that does not employ an approved authentication method at the time of signature shall not be binding on the University, unless verified by a university official with the appropriate signature authority.
4. Each member of the University’s Executive Council shall determine the appropriate use or non-use of Electronic Signatures for each division under their authority and management unless otherwise directed by the Chancellor.
5. The University may, at its discretion and with the approval of the appropriate member of the University’s Executive Council, elect to opt out of permitting an Electronic Signature with any party or in any transaction, for any or no reason.
1. A handwritten signature on a scanned or otherwise digitally captured Document.
2. A graphic image of a signature placed on a Document (scanned or electronically generated) using secure software that verifies the identity of the signature user.
3. Marks, initials, checkboxes, or any similar attestation provided through an online form or Workflow that is accessible (a) only after authenticating into a secure online environment owned or managed by WCU and (b) is tied to the signature user’s specific credentials, including an e-mail from an employee’s official WCU e-mail address.
4. In the case of a student’s consent for disclosure of his/her education records and/or consent to participate in an educational/university-based opportunity, an e-mail from the student’s official WCU e-mail address (catamount.wcu.edu, e-mail.wcu.edu, or wcu.edu); consent provided through a Western Carolina University owned or managed portal; or any paper or online form that complies with the above criteria.
1. A graphic image of a signature placed on a Document and without a verifiable intent to sign. For example, an e-mail from a non-official WCU e-mail address along with the signed Document. An e-mail that does not come from an official WCU e-mail address would not be considered verifiable intent.
2. A typewritten name that has not been verified by secure software.
3. In the case of a student’s consent for disclosure of his/her education records and/or consent to participate in an educational/university-based opportunity, an e-mail from an e-mail address other than the student’s official WCU e-mail address, text message communication from any phone number, social media communication, or any other unauthenticated communication.
4. When a University policy requires a Handwritten Signature on a Document or when there is a legal requirement that requires a Handwritten Signature on a Document.
1. If parties have agreed to conduct a transaction by electronic means, an Electronic Document capable of retention must be retained. An Electronic Document is not capable of retention by the recipient if the sender or its information processing system inhibits the ability of the recipient to permanently retain the Electronic Document containing the signature.
2. Electronic Signatures and the associated data to validate the Electronic Signature are an integral part of an Electronic Document. Documents that contain an Electronic Signature must follow all federal, state and University required record retention as those that use a Handwritten Signature. The Electronic Signature and means to verify it need to be maintained for the full Document life cycle.
1. Individuals who falsify a Document and/or Electronic Signature may be subject to disciplinary action, up to and including termination of employment and criminal prosecution under applicable federal and state laws.
2. Where the end product of a work flow requires a high level of document integrity, a Digital Signature may be required at the discretion of the applicable member of the University’s Executive Council after consulting with the University General Counsel or designee.
3. Nothing in this policy is intended to authorize any individual to sign a Document on behalf of WCU if he/she has not been delegated such authority.
4. It is a violation of this policy for an individual to falsify an Electronic Signature or affix an Electronic Signature of another individual, unless he/she has been granted specific, written authority by that individual.
5. The presence of an Electronic Signature does not mean that the signatory was authorized to sign or approve a Document on behalf of the University.
This policy shall be reviewed and revised as necessary every two (2) years.
1. University Policy 62 – Contract Review and Execution
2. University Policy 106 – Identity Theft Prevention Program
3. University Policy 108 – Records Retention and Disposition
4. 600.1.3[R] Regulation on Acquisition and Disposition of Real Property Authority
5. ISO 27002-2013 14.1.3 Protecting Application Services Transactions