APS 2008 - Electronic Signatures and Transactions
|Policy Title:||Electronic Signatures and Transactions|
|Effective:||July 1, 2014|
|Approved by:||President Bruce D. Benson|
|Responsible University Officer:||Vice President, Employee and Information Services|
|Responsible Office:||Office of Information Security|
|Policy Contact:||Office of Information Security|
|Supersedes:||Electronic Signatures and Records, June 1, 2008|
|Last Reviewed/Updated:||July 1, 2014|
Brief Description: Sets forth university requirements for electronic signatures and records.
Reason for the Policy: This policy establishes the preference for using electronic methods for official university business transactions and parameters for use and maintenance of electronic records.
This policy establishes the preference for using electronic methods for official university business transactions and parameters for use and maintenance of electronic records.
This policy applies to all members of the University of Colorado community (such as employees, affiliate staff, associates, and students) and governs all uses of electronic signatures and electronic records used to conduct official University business.
II. Policy Statement
- University administrative processes shall provide for the use of electronic transactions to conduct official university business whenever possible. If a law prohibits a transaction from occurring electronically, the transaction must occur in the manner specified by law.
- Electronic Signatures and Electronic Records
- Where policies, laws, regulations and rules require a signature, that requirement is met if the document contains an electronic signature.
- If a law requires an electronic signature to contain specific elements, the electronic signature must contain those elements.
- Where policies, laws, regulations and rules require a written document, that requirement is met if the document is an electronic record.
- Where required by law, each party to a transaction must agree to conduct the transaction electronically in order for the electronic transaction to be valid. Consent may be implied from the circumstances.
- Review of Electronic Transaction Processes
- Data owners shall:
- Promulgate procedures for use of electronic transactions in administrative processes.
- Consult with University Counsel and the appropriate IT security officer to identify requirements for assurance and trustworthiness of transactions.
- Submit procedures to the Office of Policy and Efficiency (www.cu.edu/ope) for publication with this policy. Procedures shall address:
- securing electronic transactions and documents for the required retention period
- means of attribution for individuals involved in the transaction
- archiving, integrity, and privacy of transaction records and documents
- Data owners shall:
- Maintenance of Electronic Records
- If a law requires that a record be retained or retained in its original form, an electronic record of the information is sufficient if it accurately reflects the information in the original record and remains accessible for later reference.
- The University shall keep official records in digital formats to ensure that electronic transaction records are retrievable throughout the required retention period (APS 2006-Retention of University Records).
IV. Procedures, Forms, Guidelines and Resources
- Other Resources (i.e. training, secondary contact information)
- Colorado Revised Statute 24-71.3-101, Uniform Electronic Transaction Act
- 18 U.S.C. 2510, Electronic Communications Privacy Act
- Initial Policy approved June 1, 2008
- Revised on July 1, 2014
VI. Key Words
electronic signature, electronic record, record retention