Electronic signature provider

Electronic signature provider

This is what you should consider when making your choice

Would you like to digitise your signature processes? There are a number of things to consider when choosing a suitable signature solution. The following questions should be clarified before introducing the software:

For which use cases is the e-signature to be used?

Consider whether you want to use the e-signature mainly for internal business processes or for business cases with contractual partners and end customers. Which documents and use cases are in use? Which signature type do you need for this?

How important is the verifiability of the signature?

The electronic signature can be divided into three types: simple, advanced and qualified. The simple electronic signature (SES) has a low verification value, this type of signature may still be sufficient for simple transactions. The advanced (AES) and qualified electronic signature (QES) each offer a very high level of verification. Apart from the aspect of verification, QES is mandatory for a few documents, as this is required by law.

What are the legal framework conditions?

In Germany, the provider must comply with all legal provisions of the GDPR, the eIDAS, the German Civil Code (BGB) and the Federal Data Protection Act (BDSG). The eIDAS also applies in other EU countries. Individual countries have further regulations that must be observed in addition thereto.

Another great read: Electronic signature worldwide.

How many documents should be signed per month?

As a rule, and depending on the licence type, the number of digital signatures is limited. Make sure that the maximum number is sufficient for your needs. Clarify with the provider how to proceed in the event of an overrun.

Should it be a cloud solution (SaaS) or do you want to operate the system yourself (on-premises)?

In the case of a cloud application (Software as a Service), the system runs on the server of the provider or one of its service providers. The provider is responsible for the operation. With on-premises, the software solution is installed on your own server. Updates and maintenance must be carried out by your own company.

Where is the data centre located? Are the provisions of the GDPR fulfilled?

Clarify where the data centre and the company’s headquarters are located, including all subcontractors who process your data. The ECJ confirmed on 16 July 2020 that the level of data protection in the USA is insufficient. Therefore, please make sure that both the operator and its subcontractors have their domicile in the EU.

Is there metadata in addition to the electronic signature, such as an audit report?

A protocol with further information on the digital signature can quickly contribute to resolving a dispute situation and prevent time-consuming legal proceedings. Important information could include: Signatory’s e-mail address, date, time, devices used and browser.

On which devices should the e-signature be submitted?

Even before its introduction, you should clarify which devices can be used for the signature. Should the signatures be possible on a smartphone or even on a PC e.g. by keyboard, if no touch device is available?

What support does the provider offer and in which language?

Find out how to contact support if you have any questions or problems. Perhaps also webinars, training sessions or help pages are on offer. Of course, the support should also understand your language, or at least be able to communicate easily in English.

Which companies use the solution? Are there any meaningful customer reports or reviews?

Customer reviews and ratings can be very helpful in the decision-making process. This enables you to find out where the strengths and weaknesses of the electronic signature solution are, in which sectors the company is represented and why others have chosen this solution.
Here, you can find information on the e-signature solution inSign: www.getinsign.de/en.