Apprenticeship toolkit

Good practice with digital signatures

Digital signatures are increasingly used in commercial transactions and communications. They range in complexity from typewritten names to fingerprint and retina scans.

  • Simple electronic signature - includes scanned signatures and tickbox plus declarations.
  • Advanced electronic signature - can identify the user, is unique to them, is under the sole control of the user and is attached to a document in a way that it becomes invalidated if the contents are changed.
  • Qualified electronic signature - an advanced electronic signature with a digital certificate encrypted by a secure signature creation device e.g. smart card.

Electronic signatures are only as secure as the business processes and technology used to create them. High value transactions need better quality electronic signatures – signatures used for these transactions need to be more securely linked to the owner in order to provide the level of assurance needed and to ensure trust in the underlying system.

There is legislation around this area. Most importantly, new regulations mean digital signatures can only be used by individuals not corporations.

For very important transactions you may need to employ ‘Trust Services’ which can involve time stamps, registered delivery services and website authentication.

Example of effective practice

Issues such as multiple users sharing devices add complication but are relatively easy to surmount as our case study from Gower College shows.