APS #2008

Active

Electronic Signatures and Transactions

Brief Description

Sets forth university requirements for electronic signatures and records.

Reason for Policy

 This policy establishes the preference for using electronic methods for official university businessOfficial university businessAny activity that carries out the university's mission of instruction, research and service or that provides support to the university's instruction, research, and service activities. transactions and parameters for use and maintenance of electronic records.

Policy Profile

APS Policy Title: 
Electronic Signatures and Transactions
APS Number: 
2008
Effective Date: 
July 1, 2014
Approved By: 
President Bruce D. Benson
Responsible University Officer: 
Vice President, Employee and Information Services
Responsible Office: 
Office of Information Security
Policy Contact: 
Office of Information Security
Supersedes: 
Electronic Signatures and Records, June 1, 2008
Last Reviewed/Updated date: 
July 1, 2014
Applies to: 
University-wide

I. Introduction

This policy establishes the preference for using electronic methods for official university business transactions and parameters for use and maintenance of electronic records.

This policy applies to all members of the University of Colorado community (such as employeesEmployeesAn individual who currently holds a University employment appointment, whether full-time, part-time, temporary, seasonal or hourly., affiliateAffiliateAn organization that has a contractual or other legal relationship with the University that closely aligns them operationally with the University to more effectively further both the University and the organization's missions. Affiliates are identified at https://www.cusys.edu/controller/policies/supporting%20listing.doc. Affiliates include Blended Organizations and Supporting Organizations. staff, associatesAssociateAn individual who is not employed by the University, but who is actively involved in furthering the University's mission in some fashion. Examples of associates include members of the Board of Regents and off-campus work-study employers. The term associate does not generally include University vendors, non-employee students, alumni, parents of students, university-sponsored conference attendees, employees of University affiliates, official business guests, donors, sponsors, congressional or state legislative members, or members of the general public., and studentsStudentAny individual who applies to, is accepted for admission, and enrolls for a course at the University of Colorado. This does not include an individual who has never attended or never enrolled at the institution.) and governs all uses of electronic signatures and electronic records used to conduct official University business.

II.  Policy Statement

  1. University administrative processes shall provide for the use of electronic transactions to conduct official university business whenever possible.  If a law prohibits a transaction from occurring electronically, the transaction must occur in the manner specified by law.
  2. Electronic Signatures and Electronic Records​
    1. Where policies, laws, regulations and rules require a signature, that requirement is met if the document contains an electronic signature.
    2. If a law requires an electronic signature to contain specific elements, the  signature must contain those elements.
    3. Where policies, laws, regulations and rules require a written document, that requirement is met if the document is an electronic record.
    4. Where required by law, each party to a transaction must agree to conduct the transaction electronically in order for the electronic transaction to be valid. Consent may be implied from the circumstances.
  3. Review of Electronic Transaction Processes
    1. Data trusteesData trusteeA party or entity identified with and widely recognized to have primary authority and decision responsibility over a particular collection of university data. The Council of Data Trustees list is included on this page. shall:
      1. Promulgate procedures for use of electronic transactions in administrative processes.
      2. Consult with University Counsel and the appropriate IT security officer to identify requirements for assurance and trustworthiness of transactions.
      3. Submit procedures to the Office of Policy and Efficiency (www.cu.edu/ope) for publication with this policy.  Procedures shall address:
        • securing electronic transactions and documents for the required retention period
        • accessibility
        • means of attribution for individuals involved in the transaction
        • archiving, integrity, and privacy of transaction records and documents
  4. Maintenance of Electronic Records
    1. If a law requires that a record be retained or retained in its original form, an electronic record of the information is sufficient if it accurately reflects the information in the original record and remains accessible for later reference.
    2. The University shall keep official records in digital formats to ensure that electronic transaction records are retrievable throughout the required retention period (APS 2006-Retention of University Records).

III.  Definitions

Italicized terms used in this Administrative Policy Statement are defined in the Administrative Policy Statement Glossary.

IV.  Procedures, Forms, Guidelines and Resources

  1. Policies
    1. 2006-Retention of University Records
    2. 6010-Data Governance
  2. Procedures
    1. Procedures for Electronic Signatures in Electronic Student Loan Transactions
  3. Other Resources (i.e. training, secondary contact information)
    1. Colorado Revised Statute 24-71.3-101, Uniform Electronic Transaction Act
    2. 18 U.S.C. 2510, Electronic Communications Privacy Act

V.  History

  • Initial Policy approved June 1, 2008
  • Revised on July 1, 2014 
  • The term “data owner” was replaced with the term “data trustee” effective July 1, 2018.

VI. Key Words

electronic signature, electronic record, record retention