While you may offer an electronic method as the primary or sole way to complete a transaction, you generally cannot force someone to use an electronic signature if they are unwilling. If an individual is hesitant or refuses, it's best to explore alternative ways to complete the transaction or seek guidance from the appropriate university office.

An approval is often like giving a quick "okay" or a "thumbs-up" online. You do this for many routine university tasks, sometimes just by clicking an "Approve" button in a system after you've logged in. This is fine for those specific processes.

An electronic signature is more like your official, handwritten signature, but done digitally. It's used for more formal or important documents where the university needs a stronger, often legally recognized, confirmation of your agreement – think contracts, official HR forms, or significant university commitments.

So, while both show agreement, an "electronic signature" usually means a more formal process for more significant documents, while an "approval" can be a simpler, everyday action within university systems.

Yes, the university has approved Kuali as a solution to collect electronic signatures from ISU faculty, staff, and students, as well as from external individuals who have a sponsored account with the university.

DocuSign has been approved on a case-by-case basis, but requires departmental purchase, setup, and operation. There is no centrally provided support for DocuSign.

According to the university's Electronic Signature Procedures (9.8.8), any new method for using electronic signatures must first be reviewed and assessed for risk by the appropriate university offices. This is often handled on a case-by-case basis. To initiate this review, please email informationsecurity@ilstu.edu to request a discussion.

Alternatively, your department can use already approved university-wide solutions like Kuali, or explore departmentally funded options such as DocuSign (which requires a departmental purchase). It's recommended to consult the latest university guidance or contact the Office of Technology Solutions for the most current options.

No, simply using the standalone "Sign" feature in Adobe Acrobat to type or draw a signature on a document, without an overarching university-approved process, is generally not sufficient for official university business. While easy to use, this method by itself may not meet the university's and Illinois UETA's requirements for identity verification, audit trails, record retention, and demonstrable consent and intent that are built into approved solutions or more structured, reviewed processes.

Collecting electronic signatures through email is permissible only if specific procedural steps are followed. These steps are necessary to meet the legally required aspects of disclosure, signer consent, and proper record management as stipulated by laws like the Illinois UETA and the federal E-SIGN Act. Simply emailing a document and asking for a typed name in return may not be sufficient without these additional measures.

No, not at this time for official university business requiring a validated signature. While some software supports digital certificates, the university has not implemented the necessary technical infrastructure (like a comprehensive Public Key Infrastructure - PKI) to validate personal digital certificates reliably across campus. As a result, if a personal digital certificate is used, recipients' software will likely show a warning that the signature cannot be verified, rendering it unsuitable for official purposes where verification is key.

Assessing risk for electronic signatures involves two main aspects:

• Compliance Risk: This is an assessment of whether the proposed electronic signature method meets all the requirements of Illinois' electronic signature law (UETA). If a method doesn't meet these legal requirements, any signature collected might not be legally valid.
• Transaction Risk: This is an assessment of the specific document or transaction being signed and the potential harm or damage that could occur if the signature were successfully disputed or found to be invalid.
  • For example, a low-risk scenario might be an internal form for an employee to request a vacation day. If this signature were invalid, the consequences would likely be an internal administrative or disciplinary issue.
  • A high-risk scenario could be a contract for renting campus space for a large event, which includes terms and attestations. If this signature were invalid, especially if an incident occurred causing damage or harm, the university could face significant legal and financial consequences.

These requirements are not just internal university rules; they are rooted in state and federal law to ensure electronic signatures are legally valid and trustworthy. The primary law in Illinois is the Uniform Electronic Transactions Act (UETA), and there's also a federal law called the Electronic Signatures in Global and National Commerce Act (ESIGN). These laws allow electronic signatures to be given the same legal weight as handwritten ones, provided certain conditions are met.

For a detailed explanation of these conditions, such as ensuring consent, intent, and proper record-keeping, please refer to our Guidance for Electronic Signature Use.

Following these requirements helps ensure that the signature is attributable to the signer, that the document hasn't been altered, and that the whole transaction can be verified if ever questioned. This protects both the individuals signing and the university.