Over the last few years, there has been an evolution in business efficiencies, and document and digital signing solutions are becoming more widely accepted across organizations. But where do electronic signatures come into play, and which is the most secure method to protect internal documents? In this article, we’ll look at the main difference between digital and electronic signatures, what a Qualified Electronic Signature (QES) is and when and why you should sign with one.
What’s the Difference Between Digital and Electronic Signatures?
Let’s be honest, the terms ‘electronic signature’ and ‘digital signature’ are often used interchangeably but when it comes to ensuring a document's integrity, it makes quite the difference. A simple electronic signature may not have identity verification, whereas a digital signature is used to provide a strong identity assurance.
What Types of Electronic Signatures are There?
When it comes to electronic signatures there are three levels: Simple, Advanced and Qualified.
A Simple Electronic Signature (SES) is the most basic, and only requires a copy of a signature. Unlike Advanced and Qualified, it does not offer any confidence that the document has been changed, and there is no reliable verification of the signer’s identity. The problem is that the signature can be disputed as there is no evidence or proof that they were the one that signed the document. Advanced Electronic Signatures (AES) provide this confidence and security, and whilst they are a great improvement on SES, Qualified Electronic Signature (QES) offer the highest level of security, confidence and truthfulness.
What is a QES signature?
A QES signature is backed by a qualified digital certificate, which is provided by a Qualified Trust Service Provider (QTSP) and is signed using a Qualified Signature Creation Device (QSCD).
An electronic signature is considered as qualified when it meets the following requirements:
- The signer’s identity is linked to the signature and verified through confirmation of their identity
- The signature data was created under the sole control of the signer
- The data accompanying the signature must be able to be identified as having not been tampered with since signing
Legally binding across the European Union
As these signatures are uniquely tied to the signer’s identity, a QES cannot be dismissed or be denied admissibility as evidence and is recognized as a valid legally binding signature across all member states of the European Union. Therefore, Qualified Electronic Signatures are a suitable solution for compliance and regulations such as eIDAS (Electronic Identification, Authentication and Trust Services).
When Would I Use A Qualified Electronic Signature?
Organisations should choose to adopt Qualified Electronic Signatures in order to provide the highest level of confidence and integrity with regards to all internally created and signed documents. These can range from contracts, purchase orders, HR documents, regulatory applications, academic documents, financial reports and internal audit documents.
Combined with Qualified Seals, a fully qualified enabled solution allows for an organisation to ensure the originality of a document, as well as the signature approving that document.
And finally, not all QES solutions are equal. Make sure you choose your solution from a QTSP that offers a fully secure and efficient technology allowing your remote workforce to use mobile devices to authenticate their signatures whenever, wherever they are.
The Highest Level of Security at the Press of a Button
One advantage of qualified signatures is the ease of use for the end users. If an employee has a personal certificate linked to them, they have the ability to use a qualified electronic signature. The verification process could be completed with the use of hardware such as smart cards or tokens, but with the right solution, hardware won’t be required, and signatures can be verified with mobile authentication, such as GlobalSign’s Qualified Signing Service (or QSS for short).
QSS, a cloud-based signing service, means organizations can produce, deploy and manage Qualified Electronic Signatures or Seals into their existing signing application. For more information on GlobalSign’s Qualified Signing Service, download our datasheet or click the button below.