Lesson 6: Submission Process
Checklist items 8 through 12 are grouped under the Submission Process, and represent the CROMERR requirements that must be satisfied as the report or document is transferred to the system during a formal submission. Items 8 through 11 are required for all submittals, whether or not an electronic signature is included.
Select each item under the Submission Process to learn more.
8. Transmission Error Checking and Documentation
CROMERR requires that the system be able to assure that it received the electronic report through an error-free transmission or that any errors in transmission are documented. This normally involves the use of cryptographic technologies (e.g., secure socket layer).
9. Opportunity to Review COR
CROMERR requires that the system provide the submitter and any signers with the opportunity to review the Copy of Record (COR) of the submittal after it is formally received. This is distinct from the requirement that signers have the opportunity to review document content and certification statements prior to signing and submitting, which are addressed in items 6 and 7. The requirement here has three elements. First, the system must notify the submitter and any signers that the COR is available for their review. Second, the system must produce a version of the COR in a human-readable format. Third, and finally, the system must provide the signers and submitter with access to the COR in this human-readable format.
10. Procedures to Address Repudiation COR
CROMERR requires that the submitter and any signers have the opportunity to repudiate the Copy of Record (COR) in part or in total, if they disagree with how the COR represents the submission. The system must also have a way to address any cases of repudiation and to document the history of the submission in those cases.
11. Procedure to Flag Accidental Submissions
CROMERR requires that the system be able to identify accidental or counterfeit submissions and have a way of addressing user repudiations of submissions as forged or accidental. For those cases, the system must also be able to document the submission's history.
12. Automatic Acknowledgement of Submission
Where the submission includes an electronic signature, CROMERR requires that the system automatically send an acknowledgement to the individual identified as the signer at the time of submittal. The acknowledgement must identify the submittal, the signers, and the date and time the submittal was received.
This automatic acknowledgement must be sent to an out-of-band address—that is, an address that does not share the same access controls like the username, PIN, or password—as the account used to make the electronic submission. This address is typically an email address, but it could be a U.S. Postal address or even a phone number.
One purpose of this requirement is to help system users detect any compromise of their signature devices. If a submission includes a signature executed with a device by someone other than its registered owner, the owner will be alerted by the acknowledgement he or she receives at the out-of-band address. Given this purpose, the system must include procedures to follow-up when the acknowledgement cannot be delivered to determine whether the email or U.S. Postal address associated with the account is still valid.