Lesson 5: Standards for an Acceptable Electronic Document Receiving System
CROMERR requires that all acceptable electronic document receiving systems are able to generate legally-defensible data to prove document integrity according to the five standards below.
Review each standard for a full explanation.
The e-document is not alterable without detection
The system must be able to prove that its electronic documents cannot be altered without detection during transmission or at any time after receipt. This is a basic data integrity requirement that ensures what was sent is what was received.
Alterations to the e-document are documented by the system
The system must provide a record of any alterations to the electronic document during transmission or after receipt.
The e-document can only be submitted intentionally
The system must be designed so that the electronic document can only be submitted knowingly, and with intent, and not by accident.
Submitters and signatories can review the COR of the e-document
Submitters and signatories must have: (1) the opportunity to review the Copy of Record (COR) in a human-readable format that clearly and accurately associates the electronic document information with descriptions; and (2) the opportunity to repudiate the electronic document based on this review.
COR refers to a true and correct copy of an electronic document received by an electronic document receiving system, which can be viewed in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information. A COR includes:
- All electronic signatures contained in or logically associated with that document;
- The date and time of receipt; and
- Any other information used to record the meaning of the document or the circumstances of its receipt.
For example, if the COR is maintained as an XML file, then the COR should include the XSL style sheet used in conjunction with the file to present it back to the signer.
If an e-signature is required, then the e-document meets e-signature requirements
If an e-document requires an e-signature, then it must meet the following requirements:
- E-signatures must be valid at the time of signing.
- E-documents cannot be altered without detection after signing.
- Each signatory must have an opportunity to:
- Review the e-document content, in human-readable format, before signing; and
- Review the required certification statement, which includes criminal penalty implications of false certification, at the time of signing.
- Signatories must sign either an electronic signature agreement or subscriber agreement for the e-signature device used to create his or her e-signature.
- The system must automatically respond to the receipt of an e-document with an acknowledgement identifying the e-document received, the signatory, and the date and time of receipt. It must also be sent to at least one address that does not share the same access controls as the account used to make the electronic submission.
- For each e-signature device, the identity of its unique user and the users' relationship to the entity for which he or she is signing has been determined by the state, tribe, or local government.