Had to wake up at 8:00am Central Standard time to attend this Digital Signature Training for work. 1st part of training was telling us that we have a central repository for documents. This is basically a huge file server that holds documents and keeps all versions of a document for a tracking history and accountability. Period. That’s all it is. I always travel so I have no access to this repository as it is behind the company firewalls. So when I am on-site at a customer and need official documents, I can’t get them. Amazing.
Enough about the glorified file server.
So this Digital Signature business is a big deal. It allows you to “Sign” an electronic document. Usually when you are done signing an electronic document, you will see the persons Signature(Scanned Image of an Actual signature), as well as the date of the e-sig, and sometimes even a reason as to why you signed it. At the far left you have a huge green check that states “Verified”. This allows the person receiving it to know that you actually signed it. Without this verification their is no way of knowing if the original party signed it. Sounds good so far right.
Well the trick to the digital signature is all contained within a certificate. What is a certificate you ask? It’s basically a token or code with which to compare the digital signature to. If you have the wrong certificate then the signature won’t check out.
My company has decided to not use the Certificate. So we will be sending documents with a digital signature that can’t be verified. When I asked why we are doing it this way, they stated that there was no system in place at the time, so this is a start. Also it was stated that using certificates was too complicated for users. Sorry if it’s too complicated, Electronic Signatures are suppose to be a little complicated!
Makes no sense to me. It’s like building a car, knowing you need to secure it. So then someone says lets put door handles on and a lock mechanism, but for now we won’t actually lock the door. It’s a start.
Why do I even try?