Lesson 6: Submission Process
Checklist items 8 through 12 are grouped under the Submission Process, and represent the CROMERR requirements that must be satisfied as the report or document is transferred to the system during a formal submission. Items 8 through 11 are required for all submittals, whether or not an electronic signature As defined in § 3.3 of CROMERR, any information in digital form that is included in or logically associated with an for the purpose of expressing the same meaning and intention as would a handwritten signature if affixed to an equivalent paper document with the same reference to the same content. The electronic document bears or has on it an electronic signature where it includes or has logically associated with it such information. is included.
Select each item under the Submission Process to learn more.
- Transmission Error Checking and Documentation
- Opportunity to Review COR
- Procedures to Address Repudiation COR
- Procedure to Flag Accidental Submissions
- Automatic Acknowledgement of Submission
8. Transmission Error Checking and Documentation
CROMERR requires that the system be able to assure that it received the electronic report through an error-free transmission or that any errors in transmission are documented. This normally involves the use of cryptographic technologies (e.g., secure socket layer, and transport layer security).
Reference:
9. Opportunity to Review COR
CROMERR requires that the system provide the submitter and any signers with the opportunity to review the Copy of Record As defined in § 3.3 of CROMERR, a true and correct copy of an electronic document received by an , which copy can be viewed in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information. A copy of record includes: 1) All electronic signatures contained in or logically associated with that document; 2) The date and time of receipt; and 3) Any other information used to record the meaning of the document or the circumstances of its receipt. (COR As defined in § 3.3 of CROMERR, a true and correct copy of an electronic document received by an electronic document receiving system, which copy can be viewed in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information. A copy of record includes: 1) All electronic signatures contained in or logically associated with that document; 2) The date and time of receipt; and 3) Any other information used to record the meaning of the document or the circumstances of its receipt.) of the submittal after it is formally received. This is distinct from the requirement that signers have the opportunity to review document content and certification statements prior to signing and submitting, which are addressed in items 6 and 7. The requirement here has three elements. First, the system must notify the submitter and any signers that the COR is available for their review. Second, the system must produce a version of the COR in a human-readable format. Third, and finally, the system must provide the signers and submitter with access to the COR in this human-readable format.
Reference:
10. Procedures to Address Repudiation COR
CROMERR requires that the submitter and any signers have the opportunity to repudiate the Copy of Record (COR) in part or in total, if they disagree with how the COR represents the submission. The system must also have a way to address any cases of repudiation and to document the history of the submission in those cases.
Reference:
11. Procedure to Flag Accidental Submissions
CROMERR requires that the system be able to identify accidental or counterfeit submissions and have a way of addressing user repudiations of submissions as forged or accidental. For those cases, the system must also be able to document the submission's history.
Reference:
12. Automatic Acknowledgement of Submission
Where the submission includes an electronic signature, CROMERR requires that the system automatically send an acknowledgement to the individual identified as the signer at the time of submittal. The acknowledgement must identify the submittal, the signers, and the date and time the submittal was received.
This automatic acknowledgement must be sent to an out-of-band address—that is, an address that does not share the same access controls like the username, PIN, or password—as the account used to make the electronic submission. This address is typically an email address, but it could be a U.S. Postal address or even a phone number.
One purpose of this requirement is to help system users detect any compromise In relationship to an electronic signature device, refers to when the device's code or mechanism is available for use by any other person. of their signature devices. If a submission includes a signature executed with a device by someone other than its registered owner, the owner will be alerted by the acknowledgement he or she receives at the out-of-band address. Given this purpose, the system must include procedures to follow-up when the acknowledgement cannot be delivered to determine whether the email or U.S. Postal address associated with the account is still valid.
