Electronic Signature Policy

III.    Definitions

Approved Electronic Signature Method:  an Electronic Signature Method that has been approved by the E-signature Committee as in compliance with this Policy and all applicable laws and regulations and appropriate for the circumstances in which the Electronic Signature is obtained.  In order to be approved, an Electronic Signature Method must:

• Include the ability to verify the identity of the signatory;
• Support the applicable business purpose and workflow; and
• Permit the information to be retrievable in the future and auditable.

Approved Non-Standard Electronic Signature Use:  a Non-Standard Electronic Signature Use that has been approved by the E-signature Committee.

CUIT: Columbia University Information Technology.

CUIMC IT: Columbia University Irving Medical Center Information Technology.

Electronic Signature:  an electronic sound, symbol or process, attached to or logically associated with an electronic record and used by a person with the intent to sign such record.

Electronic Signature Method:  with respect to any Electronic Signature Use, the method by which the identity of the applicable signatory and his/her intent to use an Electronic Signature has been verified. Any method must be approved by the E-Signature Committee prior to use.

Electronic Signature Use:  the use of an Electronic Signature.

E-signature Committee: a committee charged with administering this Policy, whose members are University officers selected by OGC and IT leadership. The committee consists of  representatives from OGC, CUIT,  CUIMC IT, Procurement and the Controller’s Office. School or department officers will collaborate with the E-Signature committee to obtain approval for electronic signature use cases.

Non-Standard Electronic Signature Use: any Electronic Signature Use other than a Standard Electronic Signature Use. 

OGC: Office of the General Counsel of the University.

Standard Electronic Signature Use:  an Electronic Signature used described in Section IV(B)(3) of this policy.

IV.    Policy Text

This Policy applies to transactions between the University and any affiliate or third party, each of whom has agreed to conduct transactions by electronic means.  Transactions internal to the University are not subject to this policy.

A. Use of an Electronic Signature  

1. Subject to the limitations and supplemental approvals required by this policy, when a University policy, a law or a regulation requires that a record be executed by a responsible person, the execution of such record may be evidenced by an Electronic Signature obtained using an Approved Electronic Signature Method.
2. The mere fact that an individual signs a record using an Approved Electronic Signature Method does not guarantee that the record has been signed by a person authorized to sign or approve such record. Appropriate procedures must be used to confirm that the person signing the record has the appropriate authority.
3. If an individual acting on behalf of the University has questions about whether the use of an Electronic Signature in a particular situation is an Approved Electronic Signature Use, the individual should consult with the E-signature Committee.

B. Approval of Electronic Signature Methods and Electronic Signature Uses.

1. The E-signature Committee is responsible for approving all Electronic Signature Methods and Electronic Signature Uses.
2. When approving an Electronic Signature Method, the E-signature Committee will consider whether such Method (a) appropriately verifies the identities of the signatories,  (b) appropriately demonstrates their intent to sign the applicable record and (c) is in compliance with CUIT/CUMC IT security standards.
3. Subject to appropriate departmental and/or school review and approval and all applicable laws and regulations, the following classes of transactions are Standard Electronic Signature Uses and are deemed to be pre-approved by the E-signature Committee:
   • Employment related transactions;
   • Procurement related transactions;
   • Enrollment related transactions;
   • Financial aid related transactions, including Federal Work Study documentation.
4. All Non-Standard Electronic Signature Uses must be approved by the E-signature Committee prior to use.  When reviewing requests for approval, the E-signature Committee will consider the sensitivity, value and operational importance of the circumstances in which the Electronic Signature will be used.
5. The E-signature Committee will maintain a list of all Approved Non-Standard Electronic Signature Uses, indicating the names of the applicable department, division or school, a description of the approved use, the documents that may be signed using Electronic Signatures and the applicable business owner.  Such list will be posted on the CUIT and CUIMC IT websites. 
6. Electronic Signature Methods or Electronic Signature Uses may be approved for particular electronic records, particular classes of electronic records, or particular units of the University.
7. Individuals can obtain information about Approved Electronic Signature Methods and Approved Non-Standard Electronic Signature Uses from the E-signature Committee.
8. The E-signature Committee has the authority to revoke approval for any Electronic Signature Method or Electronic Signature Use if it deems that such Method or Use is no longer appropriate.  The E-signature Committee may, in its discretion, require that records signed using an Electronic Signature Method that is no longer approved be signed again using an Approved Electronic Signature Method. 

C. Acceptance of Electronic Signatures from Third Parties

1. In general, when the University enters into a contract, or is a signatory to another type of document, in each case with a third party, the University and such third party should consent to the use and acceptance of electronic signatures. It is prudent to obtain some written evidence from the third party that it has agreed to the use of electronic signatures.  However, obtaining such evidence may not be possible and consent may be implied by the parties’ conduct. 
2. If the University is party to a business contract, if possible, the terms of the contract should evidence the use and acceptance of electronic signatures.  For example, the following language may be added to a contract:

"The parties agree and consent to the use of electronic signatures solely for the purposes of executing the Agreement or any related transactional document.  Such electronic signature shall be deemed to have the same full and binding effect as a handwritten signature.” 

D. Exceptions to the Use of Electronic Signatures

1. The following types of documents may require handwritten signatures on a paper record:

• wills, codicils, and testamentary trusts;
• documents required under state statutes, regulations, or other rules of law governing adoption, divorce, or other matters of family law;
• the Uniform Commercial Code, as in effect in any State, other than sections 1-107 and 1-206 and Articles 2 and 2A (mostly respecting bank documents, checks, letters of credit, securities and the like);
• court orders or notices, or official court documents (including briefs, pleadings and other writings) required to be executed in connection with court proceedings;
• notices for cancellation or termination of utility services (including water, heat and power);
• notices of default, acceleration, repossession, foreclosure or eviction, or the right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual;
• notices for the cancellation or termination of health insurance or benefits or life insurance benefits (excluding annuities);
• recall notices of a product, or material failure of a product that risks endangering health or safety; and
• any document required to accompany any transportation or handling of hazardous materials, pesticides or other toxic and dangerous materials.

E. Violations and Sanctions

1. It is a violation of this Policy for an individual to sign a record using an Electronic Signature in connection with any official University activity on behalf of another individual unless the latter individual has granted the signing individual specific authority to do so.
2. Individuals shall report any actual or suspected fraudulent activities relating to Electronic Signatures immediately to a manager or supervisor in the appropriate department, division or school.
3. Employees who falsify Electronic Signatures or otherwise violate this Policy are subject to disciplinary action, up to and including termination of employment and criminal prosecution under applicable federal and state laws.
4. Students who falsify Electronic Signatures or otherwise violate this Policy are subject to disciplinary action under University policies and criminal prosecution under applicable federal and state laws.
5. Other members of the University community who falsify Electronic Signatures or otherwise violate this Policy are subject to appropriate sanctions, including, but not limited to, termination of their relationships with the University and criminal prosecution under applicable federal and state laws.