The URL can be used to link to this page

Home My WebLink About2021-037 - Res. Mason County Electronic Signature Policy RESOLUTION NO. MASON COUNTY ELECTRONIC SIGNATURE POLICY WHEREAS,the Uniform Electronic Signatures Act(UETA)authorizes local agencies in Washington State to use and accept electronic signatures in the same legal effect as a hand- written signature in most cases. WHEREAS,the Board of Mason County Commissioners recognize that it is in the best interest of Mason County to establish an electronic signature policy to come into compliance with the use of electronic signatures. NOW,THEREFORE,BE IT RESOLVED,that the Board of Mason County Commissioners does hereby adopt the Mason County Electronic Signature Policy(Attachment A). APPROVED thisLIP day of 2021. BO F COUNTY COMMISSIONERS Ran Neatherl , Chair I Kevin Shutty, mmissioner Sharon Trask,Commissioner ATTEST: ��McKenzie S th, Jerk of the Board --APPROV AS TO FORM: Tim Lheid, Chief DPA C: Accounting,Treasurer,Public Works,Budget&Finance P,ON cot, A IRSa Mason County Electronic Signature Policy I. Purpose This Policy establishes when electronic signature technology may replace a hand- written signature for internal and external business purposes. The Policy is intended to strongly encourage the use of paperless, electronic documents where appropriate, feasible, and allowed by law. The two-fold goal is to make electronic signature usage the norm of business practices countywide and to make the process of implementing electronic signature services as simple as possible. Minimizing barriers to implementation and standardizing the use of electronic signatures across the county promotes the county's efforts to achieve the "best- run government" by improving administrative efficiencies and supporting our long-term sustainability goals. This Policy provides specific guidance on how to implement, maintain, and establish internal controls for the use of electronic signature technology, and applies to signatures required for the processing of county documents. II. Organizations Affected This Policy applies to all Mason County department heads and elected officials and all employees of their respective offices. III. Definitions "Network Engineer" refers to Mason County's Department of Information Technology (MCIT) Lead. "Department" means any department or office managed by an elected official of any branch of Mason County government. 1 "Electronic Signature" or "e-signature" means an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. "MCIT" refers to Mason County's Department of Information Technology. "MCIT Management" refers to the Mason County Information Technology Department. IV. Policy A. Acceptance of Electronic Signatures 1. Departments may use Electronic Signatures to show approval, authorization and/or certification for electronic submissions, with the same force and effect as signatures affixed by hand. An Electronic Signature satisfies a signature requirement on a county document. Discretion is given to the department to determine which documents will be eligible for Electronic Signature, unless where required by statute or County policy. 2. A department that accepts Electronic Signatures must comply with MCIT's methods and processes for Electronic Signature as set forth in this Policy. Exceptions to the policy as stated herein must be approved by the Board of Mason County Commissioners. 3. Departments electing to use Electronic Signatures will follow the following guidelines: a. For documents sent external to the county for signature, especially those that have a legally binding effect (including, but not limited to contracts, subpoenas and permits) and therefore require high- level authentication and security measures in a locked format, departments are required to use the county's contracted Electronic Signature vendor(s). b. For documents used internal to a county department, or between county departments, that do not require high-level authentication and a locked format (for example, using a text box containing a signature that is inserted into the document), while use of the county's vendor is encouraged, departments are given the discretion to use an alternative Electronic Signature vendor. In these cases, a request for an exception to policy is not required. However, for any other internal documents identified as needing signatures that have a legally binding effect, or require high-level authentication and security measures in a locked format, departments are required to use the county's contracted Electronic Signature vendor. 2 4. Departments that accept and use Electronic Signatures for documents that also require a notary certification are permitted to accept and use an electronic notary certification if the notarial act complies with state law as outlined in Chapter 42.45 RCW. 5. The county's contracted Electronic Signature vendors) will manage all functions related to the affixing of e-signatures to, and access and storage of, designated county documents. MCIT will ensure that the electronic signature software is fully integrated into current MCIT approved software for document generation. The intent is to promote the standard use of Electronic Signature services and options among departments as a "best practice." 6. Documents sent to the county that originate at an external organization, requesting an e-signature using a method or process selected by the external organization, can be signed electronically by county staff as long as supervisors of both parties agree to the method or process beforehand and the routing and approval process is followed in the same manner as hand-written signatures for items requiring Mason County Commissioner Board Action, per the Board's operating guidelines, currently Resolution No. 02-19. B. Mason County Department Business Applications 1. New Electronic Signature service implementations: Elected Officials, directors, managers, and supervisors (or their designees), of departments desiring to implement Electronic Signature services for the first time, or replace an existing vendor providing this service, should contact MCIT by submitting a Help Desk ticket for requirements, pricing, training, and scheduling. Departmental Information Technology employees will be an alternate source of support in establishing e-signature services. 2. Existing Electronic Signature services: Departments with Electronic Signature services provided under contract with another vendor prior to the effective date of these policies are expected to migrate to the county's contracted Electronic Signature Vendor when their current vendor contract expires (or is terminated) or when there is an option to renew or extend the contract. No department may enter into any vendor agreement for any Electronic Signature service that is not the county's contracted vendor without the prior written consent of the Network Engineer or designee. Departments may be permitted to maintain their use of a third-party management system that has an embedded Electronic Signature processes with the submission and approval of an Exception Request. 3. Process for Making an Exception Request: Departments desiring to use another Electronic Signature vendor must request a waiver from the Network Engineer or his/her designee in advance. The Network Engineer or his/her designee will provide a recommendation to MCIT Management for any exception to policy requested. MCIT Management has ultimate authority to grant case-by-case exceptions for the use of an alternative 3 solution instead of the county's approved Electronic Signature vendor. Due to an emphasis on standardizing best practices across the county, only in rare circumstance will requests for a waiver be approved. C. Electronic Signature Security and Privacy 1. MCIT and its Electronic Signature vendor shall maintain and administer IT security requirements, ensuring the safeguarding of sensitive electronic documents and information stored by the vendor. 2. All departments accepting Electronic Signatures must be familiar with county policies and guidelines governing IT security, and required actions in the event of a security breach. D. Internal Controls, and Documentation Preservation and Retention 1. Departments that elect to use Electronic Signatures are responsible for determining, in conjunction with the Prosecuting Attorney's office, where applicable laws permit an Electronic Signature to be used. Departments that opt to use Electronic Signatures must adopt/amend their business practices to support the requirements of this Policy. 2. Records of documents signed by Electronic Signature(s) must remain searchable and retrievable for the required retention period as established by policy and law. 3. The Electronic Signature vendor shall ensure that the documents signed electronically, once completed and stored electronically, cannot be changed or altered. a. In cases where documents are initiated electronically and sufficient controls do not exist to ensure the integrity of the document's date, MCIT will notify the authorized user and the authorized individual must print, review, and sign the document. The printed records are considered the official source document and retained per the retention schedule. E. Contracts 1. MCIT shall establish and administer countywide contracts with vendors for the providing of Electronic Signature solutions for county documents. 2. MCIT Management shall keep the Board of Mason County Commissioner's or their designee apprised of all matters associated with the establishment and administration of contracts with vendors for the providing of Electronic Signature solutions for county documents. 4 3. No department may enter into any vendor agreement for any Electronic Signature service that is not the county's contracted vendor without the prior written consent of MCIT Management. 4. MCIT, through the establishment of contracts with vendors and other related partners, shall assist departments in understanding contract requirements and the pricing structure options relative to Electronic Signature services. F. Annual Reporting The Network Engineer or designee will work with departments each year to collect usage data to monitor the progress of e-signature usage across the county, including e-signature volume and document types. V. Implementation Plan, Methods and Processes A. MCIT Management shall establish and maintain the methods and processes for management of Electronic Signature services, including, but not limited to, access to the Electronic Signature system, contracting for Electronic Signature services, monitoring the unit cost per signatures, and standard business processes and procedures. B. The Department of Information Technology is responsible for implementation of this Policy. Individual departments are responsible for setting up the use of electronic signature methods and processes within their department. C. The Department of Information Technology is responsible for communicating this Policy to the departments within the County and other appropriate parties annually. VI. Maintenance A. This Policy will be maintained by the Mason County Information Technology Department, or its successor department. VII. Consequences for Noncompliance. Departments that elect to use electronic signatures, and do not conform to this policy, may be in violation of County Code and State Law. Failure to comply with this policy may result in MCIT Management restricting or terminating the use of electronic signatures for the department's documents. 5