With many businesses forced into remote working by the Covid-19 pandemic – and likely to continue working a physical-virtual hybrid model for the foreseeable future – paperless processes and stricter privacy requirements are top priorities for the C-suite.
According to Zeldeen Muller, creator of interactive agendas and minutes software AgendaWorx.com, this presents business with several opportunities in terms of cost savings on printing, courier fees, storage and retrieval of documents.
“However, the challenges that must be met for legal compliance with the Protection of Personal Privacy Act (PoPIA) in South Africa and the EU’s General Data Protection Regulation (GDPR) may include the signing of documents remotely using digital signatures, often by more than one party.
“Take board resolutions, where members are based in offices around the region or even the country. Like every legal document, resolutions need to be signed and dated by the members of the board as they would do with minutes of meetings.”
Such signing of documents using digital or electronic signatures brings its own specific complications, says Muller. “Signatures can easily be copied and pasted into online versions of documents using simple technology, such as standard snipping tools, an online signing tool or any graphic design system. This makes signatures vulnerable to cyber threats.
“Electronic and digital signing technology is often costly, particularly where several individuals in an organisation are signatories,” Muller notes, adding that digital signatures can lock a document once signed and will not allow any changes, but the same is not always true of electronic signatures.”
Secure solutions for legal compliance
Sending a document via email for various individuals to sign can also be time-consuming and presents a security risk, Muller says. So, what can organisations and businesses do to ensure secure electronic signatures and compliant documentation?
* Find signature technology that all of your main signatories will have access to, and be able to use for all documents. This must be a single system, controlled centrally in your organisation or for your board of directors. If this functionality is embedded within software that your company or board already uses, such as your paperless agenda software, it will ensure lower cost and maximum efficiency. AgendaWorx, for example, includes signing functionality at a nominal fee as part of client’s paperless agenda software.
* Ensure that the signature created using this system has both a “user identity” stamp and a “date and time” stamp created automatically by the secure signature system with each signature made. Ensure these electronic stamps are entirely tamper-proof. Note that where user identity and date and time stamps are not present, the signature might not be valid and documents can be contested.
* Make sure documents to be stamped can only be signed by designated signatories. Using software such as AgendaWorx, this can be controlled by the individual who makes the document available for signing.
* A signing system that keeps a record of document version control is vital, and your software must note a version for every person who has edited a document.
* A truly secure system where individuals can sign documents legally has the necessary security protocols in place, such as: secure login credentials with an email notification to the user for every login’ one-time PINs (OTPs) sent via SMS or email of the appropriate signatory or an authenticator app for each login; encryption of all documents for signing; secure audit logs of who signed which document, on which days and at what time; and the ability to lock the file once signed.
Muller says that, even as businesses resume face-to-face meetings as the economy normalises, they may find that electronic and digital signatures are more prevalent due to their speed and efficacy. However, cyber security risks will also increase proportionately and the software utilised will have to mitigate those risks.
“According to cyber security giant Kaspersky, Covid-19 brought with it a tsunami of cyber threats and breaches. From phishing e-mails to vulnerabilities in collaboration tools, Africa was targeted by increasingly sophisticated attacks,” she says.
“Kaspersky urges the use of corporate devices and company-approved software for work, and the configuration programs and devices properly to mitigate damage. Implementing software with add-on features such as secure signing functionality, such as AgendaWorx.com company-wide can be a key way to reduce the impact of threats and keep documents as safe as the risk landscape will allow.”