tva logoTennessee Valley Authority

COMMUNICATIONS - PRACTICE 11

Electronic Approval/Signature

WHAT

Electronic approval (or electronic signature) is the process where a document or information displayed on a computer display monitor is reviewed, concurred with, and/or approved electronically. The electronic process replaces initials or signatures on a hard copy of the document as indication of concurrence or approval. Electronic approval employs technology to legally ensure that the signature on an electronic document was affixed by the person represented by the signature, and was not copied from another source by someone else. An acceptable electronic approval can be displayed as an actual signature or initials or even as a typed format when applied using proper security. An example of an unacceptable method of electronic approval/signature is scanning a copy of your signature into your computer and copying this scanned signature into a document. Any method used at TVA to produce an electronic signature must meet the Technical Implementation, Security, and Information and Records Management requirements of this Practice. The Office of the General Counsel must give written approval for any electronic approval/signature method used which is a deviation from this Practice. This Practice is consistent with the principles of the Electronic Signatures in Global and National Commerce Act and the Government Paperwork Elimination Act.

For the purposes of this Practice, a document is an electronic file that contains recorded data and information which has record value.

WHO

  • All organizationsAll employees
  • All TVA contractors who participate in electronic approval of TVA documents

WHY

It is the intent of TVA that the capability of performing on-line electronic review, concurrence, and/or approval of information and documents be made part of the process of doing business at TVA when it is of benefit to TVA.

HOW

Technical Implementation

Computer applications/software performing electronic approval or signature must provide the three following capabilities:

  • Identification of the person performing the review, concurrence, and/or approval.Security for documents and the associated process so that documents cannot be approved or changed either inadvertently by technical malfunction or purposeful alteration by unauthorized persons.
  • The application must be documented, maintained, and managed in such a way so that documents that rely on electronic approval meet the standards of admissibility in legal proceedings.

To provide these capabilities, an electronic approval application must provide the following safeguards:

Security

  • A mechanism to provide reasonable assurance of the identity of the person performing the approval transaction at or near the time of the transaction. Acceptable methods may include the use of digital signatures, unique user identification/password combinations, public key/private key cryptography, or biometrics.The electronic approval process must provide an explicit, no-default, non-passive mechanism for the user to indicate that he/she is approving what is being presented.The document management application in which the electronic approval is one component must ensure that documents within the system are protected in a way that the documents being reviewed, concurred, and/or approved electronically are secure and cannot be changed, either by the system or purposeful tampering by unauthorized individuals.
  • Security must address the electronic approval transaction information itself, ensuring that it cannot be changed by anyone. The electronic approval transaction information is the approval record just like a hard signature would be.

Computer applications/software must not allow changes to a document after the electronic approval has been obtained. There are two types of approval processes as described below:

  1. Author Accountability Approval Documents: Disapproval or proposed changes to an author accountability approval document must be returned to the author to reinitiate the approval process. (For example: Any changes to the online performance review (PR&D) form section intended for employee only entry must be made by the employee, not the employee's supervisor/reviewer. The supervisor must return the PR&D to the employee for changes to the employee entered section.)
  2. Ultimate Authority Accountability Approval Documents: In instances where there is an ultimate authority, computer applications may allow changes to a document by the ultimate authority. (For example: Nuclear procedures which require multiple reviews and approvals may be changed by the individual who has the ultimate authority for the process.)
    • When using electronic approval as part of a business process, a relationship must be established between the electronic document and the electronic approval transaction information. The type of approval (review, concurrence, approval, etc.) should be discernible from the document content.
    • For each electronic approval transaction, the following information must be captured and linked to the document:
      1. Person’s Name
      2. Date and Time of the Electronic Approval Transaction
      3. Document Identification
    • Any completed electronic approval transaction information (name, date and time of the electronic approval, and document identification) must be displayed with the document when viewed electronically and when the document is converted to hard copy.

Information and Records Management

  • Documentation of how a computer application accomplishes electronic approval must be maintained with retention equivalent to the longest retention period of any document produced using this application.Contingency plans must be developed to ensure processing of approvals in the event that the electronic approval process is not functioning. Fall-back to a paper-based system of review, concurrence, and/or approval may be warranted if the approval of certain data is time sensitive or otherwise critical to the user’s needs.When the electronic approval transaction data is only stored electronically, a plan to ensure the continued viability of the data must be in place.When an electronic approval is gathered in one electronic system and then the document and approval information is transferred to another records system for storage, the records system receiving a document containing an electronic approval must capture the system name from which the document was received and link it to the document. One example would be when a document is transferred from Curator or EMPAC to the Electronic Document Management System (EDMS).
  • The computer applications/software that provides the electronic approval for documents must be controlled by a formal configuration management process to ensure that records are kept indicating the production start and end dates for each version of the software and to protect the software from unapproved changes. All software performing functions related to electronic approval must be formally tested by having an approved test plan and documented test results for each version.

ROLES

All Organizations

  • Ensure that all electronic approvals considered for use and/or implemented in their organizations comply with this Practice, as well as establish guidelines for their organizations, if necessary.

Information Services, Enterprise Document Management (EDM)

  • Sponsors TVA information technology that manages electronic approval of records.Develops policy and standards for electronic approval of records based on applicable federal and state laws and regulations..Reviews all proposed conversions from a paper-based approval process to an electronic approval process to ensure that all TVA electronic approval systems comply with applicable policy and standards.
  • Consults with the Office of the General Counsel to determine the legal sufficiency of each proposed electronic approval application.

Office of the General Counsel

  • Assists in the EDM review process by evaluating all proposed conversions from a paper-based approval process to an electronic approval process to determine what safeguards should be used to ensure the transactions are legally enforceable.
  • Ensures that all applicable federal and state laws and regulations relating to electronic approval are identified and covered in TVA’s policies and standards.

 

RESOURCES

  • Information Services, Enterprise Document Management
  • Office of the General Counsel

Last Revised 06/2002

top of page

 

 

           
Content for id "future1" Goes Here
Content for id "future2" Goes Here
Content for id "future3" Goes Here