Frequently Asked Questions
- What is an electronic signature?
- What is a digital signature?
- Do I need to choose between electronic and digital signatures?
- Does Adobe EchoSign create certified PDF documents?
- How are electronic signatures better than paper or fax signatures?
- What security practices does Adobe EchoSign follow?
Legality and Enforceability
- In which countries are e-signatures enforceable?
- Is EchoSign compliant with governmental requirements set forth in e-signature legislation?
Compliance, Certifications, and Standards
- Are EchoSign e-signatures auditable?
- How does Adobe EchoSign help ensure nonrepudiation?
- Can EchoSign e-signatures be used in audits and reports?
General Use Questions
- What are the key features of EchoSign?
- Who Uses EchoSign?
- Does the other party require an EchoSign account?
- Do I have to sign a long-term contract?
- What file formats does EchoSign support?
1. What is an electronic signature?
An electronic signature – also known as an e-signature – is a simple, easy and legal way to get consent or approval on electronic documents or forms.
The most relied upon definition of an electronic signature is “… an electronic sound, symbol, or process attached to or logically associated with a record … adopted by a person with the intent to sign the record.” The most popular method for gathering and managing electronic signatures uses people’s email addresses to identify each participant and associate them with a sequence of events that demonstrates intent to sign. Award winning Adobe EchoSign provides just such as system. How it works
Electronic signatures are:
- Legal - Electronic signatures are recognized as legally binding in the majority of countries around the world.
- Tested - Industry leaders such as the American Lung Association, British Telecom, Marketo, and NEC Financial Services, along with many Fortune 500 companies, government agencies, and tens of thousands of small to medium business rely on and create millions of e-signatures a year.
- Secure - Electronic signatures are more secure than written and fax signatures. The Adobe EchoSign service ensures documents are managed, signed and ultimately delivered to the contracting parties in a secure manner.
- Auditable - The process of gathering electronic signatures from multiple parties can be tracked to ensure compliance. The Adobe EchoSign service establishes a detailed audit trail that logs all events and actions taken by the people who participated in the transaction.
2. What is a digital signature?
The term “digital signature” is often confused with “electronic signature”. In fact, a digital signature is one specific implementation of an electronic signature. A digital signature requires a signer to have a certificate-based digital ID, frequently contained in a token, smart card, or other physical device. Digital certificates are the key component of the technology known as Public Key Infrastructure (“PKI”) and are issued from a Certificate Authority (also known as a trusted authority) to be used in the digital signature process providing a high level of authentication, integrity and security with respect to the transaction and the identity of the parties signing. Because of the infrastructure required to manage PKI technology, digital signatures are most commonly used in large governments and regulated industries for internal or business-to-business workflows. For instance, US Federal government agencies use certificate IDs associated with CAC (Common Access Cards) or PIV (Personal Identification Verification) cards. Similarly, pharmaceutical companies use certificate signatures that comply with the SAFE (Signatures & Authentication For Everyone) BioPharma industry standard.
3. Do I need to choose between electronic and digital signatures?
Not necessarily. For the vast majority of businesses, an electronic signature software like Adobe EchoSign provides everything needed to gather, track, and store documents that contain legally enforceable signatures. Typical deployments verify the signer’s identity using an email ID, but additional methods are available too, including: a one-time password, knowledge based authentication, or a social network identity. And because it’s cloud-based, your business or agency can deploy quickly with an affordable monthly subscription.
If your organization requires digital certificate ID’s and can implement on-premise PKI technology, you might want to consider using Adobe EchoSign in combination with Adobe Acrobat® desktop software or Adobe LiveCycle® Digital Signatures server-based software to address the full range of signing processes in your organization. Acrobat and LiveCycle let you create user-driven or automated digital signature processes using certificate IDs that have been issued to employees or selected partners. You can then use Adobe EchoSign to support signing processes for anyone else, including customers, citizens, and vendors. To learn more, read about Acrobat and certificate signatures, or LiveCycle and EchoSign.
4. Does Adobe EchoSign create certified PDF documents?
Yes. EchoSign implements its own public key infrastructure (PKI), which is compliant with the Adobe Approved Trust List (AATL) program that supports document certification. EchoSign automatically certifies a final PDF of the signed document before distributing it to all participants. Recipients can open the file in Adobe Reader® or Adobe Acrobat® software and see the certified document “blue ribbon”, verifying that the document was processed by an authentic source and wasn’t tampered with during transit.
5. How are electronic signatures better than paper or fax signatures?
Electronic signatures are more secure – and get the job done faster and cheaper – than paper-based signatures.
- Apply to the entire document - If a paper contract has two or more pages, and the signature is only applied to a single page – unsigned pages could be changed without anyone’s knowledge. With EchoSign, a cryptographic binding is applied to the entire document when a signature is applied, creating a certified document. If any information changes on any page – participants are notified that the document was modified after it was signed.
- Can’t be duplicated with a copier or scanner - It’s too easy to forge a paper signature by copying it, scanning it, or tracing it with a pen. With EchoSign, a signature is bound to a specific instance of the document and tracked as part of a multi-step signature process. A signature that’s been applied to one document can’t be applied to another.
- Can’t be backdated - With paper signatures, signers are free to enter any date or time they choose, making it possible for one of the parties to change the “active” date of the signing without notifying other parties. With EchoSign, the time is centrally managed by the hosted service and backdating is not allowed.
- Are much easier to authenticate - Authenticating a paper signature requires another handwritten signature from the same signer for forensic comparison. If additional signature samples aren’t available, authenticity can’t be proven. With EchoSign, basic authentication of the signer is accomplished via their email address. In addition, a unique signing URL is sent to the signer who clicks on it to activate the signing process. All of the events are tracked by EchoSign and IP address records are included in a detailed audit log.
- Are similar to using a notary, but without the hassle - Paper signatures can be more secure if you work with a trusted third party like a notary, but the in-person signing ceremony adds costs and delays to the signing process. EchoSign makes it possible to build efficient electronic signing processes that can verify user identities in a number of ways. Typical deployments verify the signer’s identity using an email ID, but additional methods are available too, including: a one-time password, a social network identity (Facebook, LinkedIn, or Google), or Knowledge Based Authentication which compares information known by the signer with information contained a secure identity database.
6. What Security Practices does Adobe EchoSign follow?
Adobe EchoSign leverages SSL (Secure Sockets Layer) using 256-bit AES (Advanced Encryption Standard) encryption for data in motion when accessing the application from the Internet. For data at rest, Adobe is currently rolling out LUKS (Linux Unified Key System), using 128-bit AES on LVM (Logical Volume Manager) disk containers throughout the data center, which should be completed in June, 2012. All offsite backups are encrypted with 256-bit AES.
Legality and Enforceability
Adobe EchoSign is the electronic signature solution you can trust, from the company that brought you Adobe PDF and Adobe Acrobat software. Industry leaders including Aetna, BT Group, Dropbox, and Google choose EchoSign to get documents signed—easily, securely, on any device. Organizations of all sizes rely on EchoSign to collect legally binding e-signatures, maintain secure audit trails, and meet compliance requirements with confidence.
7. In which countries are e-signatures enforceable?
Currently, electronic signatures are enforceable in 27 countries—including Australia, Canada, the United Kingdom, and the United States.
To stay current on the policies and legality of e-signatures around the world, Adobe employs legal teams on six continents. View the EchoSign global map infographic to see which countries have adopted electronic signature legislation and to learn more about each country’s specific criteria.
8. Is EchoSign compliant with governmental requirements set forth in e-signature legislation?
In the United States, Adobe warrants that EchoSign is fully compliant with the Electronic Signatures in Global and National Commerce (ESIGN) Act of 2000.
In addition, EchoSign complies with the following countries’ e-signature laws and regulations:
- Australia - the Electronic Transactions Act
- Canada - the Uniform Electronic Commerce Act (UECA)
- United Kingdom - the Electronic Communications Act 2000 (Chapter 7)
Compliance, Certifications, and Standards
9. What compliance and security certifications has Adobe EchoSign attained?
The EchoSign electronic signature solution meets or exceeds a number of strict industry and regulatory standards, including:
- HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) helps ensure sensitive patient information is protected. All of the EchoSign systems are fully compliant with HIPAA, so highly regulated personal health information (PHI) can be stored on its servers.
- PCI DSS - Adobe EchoSign has achieved the Payment Card Industry (PCI) Level 1 compliance as a merchant and service provider. An independent third party audited EchoSign software’s strict technical and operational controls for handling cardholder data, and gave EchoSign an Attestation of Compliance (AoC). This certification assures customers that Adobe EchoSign is safe, more secure, and compliant with industry best standards.
- SSAE 16 Type II SOC 2 - The Statement on Standards for Attestation Engagements (SSAE) No. 16 measures the controls relevant to financial reporting. The Service Organizational Controls 2 (SOC 2) measures the IT controls of security, availability, processing integrity, confidentiality, and privacy. Adobe EchoSign operations meet or exceed SSAE 16 Type II SOC 2 requirements and are audited annually.
10. Are EchoSign e-signatures auditable?
Yes, EchoSign e-signatures are actually more auditable than ink signatures, because they provide additional levels of security, tracking, and control. All EchoSign e-signatures and audit trails are encrypted, digitally sealed, tamper evident, and maintained in a secure data center.
11. How does Adobe EchoSign help ensure nonrepudiation?
Every document signed in Adobe EchoSign automatically generates an audit trail that tracks every step in the signature process—from initial document preparation through signing and archiving. This comprehensive audit trail is stored securely and can be used in court to help prove who signed a document and when they signed it.
12. Can EchoSign e-signatures be used in audits and reports?
Yes. Since EchoSign e-signatures meet or exceed the international standards mentioned above, EchoSign documents are admissible in audits and reports prepared for a variety of regulatory agencies.
General Use Questions
13. What are the key features of EchoSign?
Instant signatures — get document signed in seconds with the easiest electronic signature product in the world. Need it signed and faxed back? No problem, select the “Fax Signature” option.
From anywhere — Access your account in real-time from any browser, anywhere.
More control — Use account sharing to track contracts for your entire team or department and have instant visibility into when documents are really getting signed, how and by whom.
Less paperwork — All parties automatically receive a copy of the signed agreement. No more scanning and photocopies and a backup copy is always stored right in your EchoSign account.
14. Who Uses EchoSign?
EchoSign is used by over 35,000 companies and 6,000,000 users worldwide. Our customers include global leaders like BT, Dell, GE, Time Warner, Google, Agilent, Delta, and more, as well as SaaS leaders like Netsuite, Jigsaw/Salesforce, Taleo, and Successfactors, and thousands of small businesses, including businesses of one.
15. Does the other party require an EchoSign account?
The recipient to your agreements doesn't need to have an account with EchoSign in order to sign your documents.
16. Do I have to sign a long-term contract?
No. EchoSign requires no annual contracts. An EchoSign subscription is month-to-month and you can cancel at anytime.
17. What file formats does EchoSign support?
EchoSign currently supports Microsoft Word, Excel, and Powerpoint; Google Docs; PDF; JPEG and several other image formats; plain text and HTML. Need another format? Let us know
18. Do you offer a free trial?
Yes! You may sign up here for a free 14 day trial for our Enterprise edition. Or, if you'd like to learn more about our Enterprise Edition with its account sharing and corporate branded features of EchoSign, contact our sales team at (877) ECHOSIGN or firstname.lastname@example.org and we’ll get you set up in no time.
19. How much does it cost?
Depending on usage, EchoSign has account options ranging from free for the occasional user to $29.95 per user per month. The number of documents sent by each paid user is limited by our Fair Use Policy. Abuse of Fair Use is defined as: usage in any given month that exceeds more than three (3) times the average level of usage of the same category of Adobe’s Paid Account Users over that thirty (30) day period. As a general guideline a single user sending over 50 documents/month is considered to be a violation of the fair use policy. If you will send a significantly greater volume please contact us. Learn more