Approved by President
Effective Date: June 5, 2017
Responsible Division: Information Technology
Responsible Office:  Information Technology
Responsible Officer: Vice President for Information Technology

I.  Purpose

This policy allows for e-signature use and the acceptance of faxed, emailed, and scanned signatures at Middle Tennessee State University (MTSU or University) by methods that are practical, secure, and balance risk and cost. It is not the intent of this policy to eliminate all risk, but rather to provide a process that assures parties that appropriate analysis was completed prior to implementation of e-signature or the acceptance of faxed, emailed, and scanned signatures, and that the level of user authentication used is reasonable for the type of transaction conducted. 

II.  Scope

This policy is based on T.C.A. § 47-10-101, et. seq., the Uniform Electronic Transactions Act. To conduct a paperless transaction requires reliance on verifiable electronic signatures.  E-signatures may be implemented using various methodologies depending on the risks associated with the transaction. Examples of transaction risks include fraud, non-repudiation, and financial loss. The quality and security of the e-signature method should be commensurate with the risk and needed assurance of the authenticity of the signer. Authentication is a way to ensure that the user, who attempts to perform the function of an electronic signature, is, in fact, who they say they are and is authorized to “sign”. 

An e-signature may be accepted in all situations, if requirement of a signature/approval is stated or implied. This policy does not supersede situations where laws specifically require a written signature. This policy cannot limit the right or option to conduct the transaction on paper or in non-electronic form and the right to have documents provided or made available on paper at no charge. The e-signature must be protected by reasonable security measures, as applicable, to established computer functions of the University.

III.  Definitions

For the purposes of this policy:

A.  Authentication. To establish as genuine, and verify, the identity of a person providing an electronic signature.

B.  Credential. An object that is verified when presented to the verifier in an authentic transaction.

C.  Electronic Record. A contract or other record created, generated, sent, communicated, received, or stored by electronic means.

D.  Electronic Signature. An electronic signature/approval (e-signature) is defined as an electronic identifier that is created by a computer and is intended by the party using it to have the same intent, affect, and authority as the use of a manual, either written or facsimile, signature. An electronic signature can be the person’s typed name, their email address, or any other such identifying marker.

E.  Transaction. A discrete event between a user and system that supports a business or programmatic purpose.

IV.  Faxed, Emailed, Scanned Signatures

The electronic process expedites obtaining required contractual information. A faxed, scanned, o