UMB Procedure Regarding Electronic Signatures

Administration, General Administration   |   Approved October 7, 2020

Purpose

To establish procedures for using electronic signature (e-signature) software in connection with documents used to conduct official University of Maryland, Baltimore (UMB) activities. This Procedure implements the UMB Policy Regarding Electronic Signatures.

Applicability

This Procedure applies to all users seeking to utilize e-signature software in connection with official UMB contracts and other documents.

Instructions

GENERAL GUIDELINES

1. DocuSign is the only e-signature software authorized for use at UMB.
2. All DocuSign links, forms, and documents must be securely stored to prevent unauthorized access. Users are prohibited from posting DocuSign links, forms, and documents on the Internet for public access.
3. E-signed documents are secured on a DocuSign server and can be downloaded to a UMB server or printed.
4. As set forth in the Policy, to use an e-signature, an individual must have the authority to undertake the action made by the e-signature. Only specific individuals identified by UMB policy have authority to sign contracts and other documents on behalf of UMB. Only those individuals and their authorized designees have authority to affix e-signatures on contracts and other documents within the signatory’s authority.
5. A user’s right to use DocuSign (whether as a Viewer, Sender, Template Sender, or Template Creator) does not of itself grant signature authority to the user. Therefore, no such user may sign contracts or other documents on behalf of UMB unless they otherwise have authority to do so.

PROCEDURES

1. How to Access DocuSign
1. To Login, click: https://account.docusign.com
2. At the DocuSign Login page, enter the UMB email address.
3. Click the yellow “CONTINUE” button.
4. The user will be directed to the “UMB Login to DocuSign” page.
5. Enter in the UMID and Password.
6. Click the “Login” button.
7. Complete DUO authentication.
8. Once authentication is complete, then the user will arrive at their DocuSign home page.
2. DocuSign Security Roles
   1. All DocuSign users have basic Viewer rights. A Viewer has the ability to open and view any DocuSign document that has been sent to the user. No approvals are required in order to have Viewer rights.
   2. In order to receive the right to have additional functionality with DocuSign documents, the user must be assigned one of three “security roles”: i.e. either “Sender,” “Template Sender,” or “Template Creator”.
   3. A Sender has the ability to upload any document and configure it for DocuSign. A Sender also has the ability to send the document for review, data input, and e-signature by authorized signers.
   4. A Template Sender has authority only to initiate and send pre-defined templates. The templates may only be sent to individuals who have been granted access to the template.  A Template Sender does not have the functionality to upload documents other than pre-defined templates. Some templates may be configured for university-wide use, while others may be restricted to designated groups.
   5. A Template Creator is allowed to create DocuSign templates; to assign template access to others; and to send documents based upon templates that they created. A Template Creator does not have the right to modify templates or assign access to templates that have not been created by or assigned to them.
   6. Further information and training for all security roles can be found on the Center for Information Technology Services (CITS) DocuSign webpage.
   7.  
3. How to Receive an Enhanced Security Role
   1. In order to be assigned either the “Sender,” “Template Sender,” or “Template Creator” role, the user must do the following:
   2. Complete the DocuSign Online Training. (Different training modules are required for different roles.)
   3. Complete and submit to CITS the UMB DocuSign Security Request Form.
   4. The request must be approved by the requester’s supervisor, and by the CITS DocuSign team.
   5. The requestor and supervisor will receive a copy of the approved form after it has been reviewed and fully approved.
4. How to Create a New Template
   1. A copy of any template created by a Template Creator must be sent to CITS. In order do so, the Template Creator must do the following:
      1. Submit the UMB DocuSign Template Form (located in the Authenticated UMB Forms Library > DocuSign Forms).
      2. Upload the requested document in DOCX or PDF format.
   2. CITS may, upon request, create templates on behalf of an Operational Unit. In order to request such assistance, the Operational Unit must do the following:
      1. Submit the UMB DocuSign Template Form (located in the Authenticated UMB Forms Library > DocuSign Forms).
      2. Upload the requested document in DOCX or PDF format.
      3. The requested template must be approved by the requester’s Department Head or Administrator.
      4. If HIPAA, FERPA, or personally identifiable information will be included in the template, CITS will conduct additional review and may request additional information from the requester.

EXCEPTIONS

Exceptions to this Procedure must be approved in writing by UMB’s Chief Information Officer (CIO) or designee.  The request must be signed/e-mailed by the Department head or designee.

RESPONSIBILITIES

1. Operational Units are responsible to:
1. Ensure that only individuals with signing authority are signing documents with e-signatures on behalf of UMB.
2. Ensure that use of an e-signature complies with law and policies.
3. Assist CITS in establishing signatories, routing, and document management (e.g. updates).
2. CITS is responsible to:
1. Develop and provide training materials.
2. Manage and take action on role and document requests from users and Operational Units.
3. Assist users and Operational Units in the creation and maintenance of templates.
4. Manage DocuSign software, updates, security, and other related information technology duties.

VIOLATIONS AND SANCTIONS

1. Employees who do not comply with this Procedure are subject to disciplinary action and appropriate sanctions under UMB policies, up to and including termination of employment and criminal prosecution under applicable federal and state laws.
2. Authorized Affiliate Employees who do not comply with this Procedure may be subject to disciplinary action, lose the privilege of using DocuSign, or have UMB fiscal authority terminated.

DEFINITIONS AND TERMS

Authorized Affiliate Employee - Person employed by an entity that has a relationship with UMB authorized by the Board of Regents or by law, e.g., faculty practice plan organizations, University of Maryland Baltimore Foundation (UMBF) and other affiliated foundations, recognized incorporated alumni associations, recognized affiliated business entities, University of Maryland Medical System/University of Maryland Medical Center, and other University System of Maryland institutions.  An Authorized Affiliate Employee is responsible for the administration and reporting of UMB resources.

Operational Units - schools, divisions, departments, affiliates of UMB.