[Ord. No. 1787, 1-6-2025]
The purpose of this policy is to establish requirements for using electronic records and electronic signatures in the transaction of official City business.
[Ord. No. 1787, 1-6-2025]
This policy applies to all City employees and governs use of electronic records, signatures and seals used to conduct official City business. Such business, shall include, but not be limited to, electronic communications, transactions and other official purposes.
[Ord. No. 1787, 1-6-2025]
A.
The following Federal and State laws give electronic records and signatures the same legal status as paper records and signatures:
2.
Electronic Signatures and Global National Commerce Act (E-SIGN) of 2000.
5.
Missouri Code of State Regulations, Title 20 - Department of Insurance, Financial Institutions, and Professional Registration (20 CSR 2030-3.060, Licensee's Seal).
[Ord. No. 1787, 1-6-2025]
A.
It is the City of Concordia's policy to:
1.
Use electronic records and electronic signatures as allowed by law, except where written records or signatures are expressly required; exceptions include:
a.
Contracts involving the City;
b.
Court notices and court orders;
c.
Official court documents, including briefs, pleadings and other writings requiring execution and connection with court proceedings;
d.
Termination or cancellation of utility services;
e.
Termination or cancellation of health insurance or life insurance benefits;
f.
Documents dealing with default, acceleration, repossession, foreclosure, or eviction;
g.
Negotiable instruments and secured transactions;
h.
Wills, codicils, and testamentary trusts;
i.
Product recalls or material product failures that risk endangering health or safety; and
j.
Documents required by law to accompany transportation or handling of hazardous materials, pesticides, or other toxic or dangerous materials.
2.
Use electronic seals as allowed by law, so long as they provide the ability to authenticate the document, originator and to verify that it is unaltered.
3.
Provide reasonable assurance that electronic records, electronic signatures and associated metadata will remain accessible for full retention.
4.
Recognize that there is no agreement and no contract in a contractual setting unless all parties agree that an electronic format is acceptable.
5.
Insure an electronic transaction occurs in the manner specified by law and contains any specified elements required by law.
[Ord. No. 1787, 1-6-2025]
As used in this Chapter the following terms shall have the meanings indicated:
The automatic identification of a person is based on their physical characteristics, such as a thumbprint or retina scan.
The comparison of physical signature characteristics, typically speed and pressure of the signature, to a previously provided and stored sample.
An electronic document attached to a public key by a trusted certificate authority, which provides proof that the public key belongs to a legitimate subscriber and has not been compromised.
An entity that issues digital certificates to certify the ownership of a public key by the named subject of the certificate.
Any signature method that does not use a specific technology to increase the security, authenticity, or evidentiary value of a signature.
A digital certificate, also known as a public key certificate, can be used to verify that a public key belongs to an individual. It is an electronic document that uses a digital signature to bind together a public key with identity-information such as the name of a person or an organization, their address, etc.
A specific type of electronic signature that employs signer verification and encryption technology to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
Relates to technology having electrical, digital, magnetic, wireless, optical, electromagnetic or similar capabilities.
Any information that is recorded in a form that only a computer can process and that satisfies the operative definition of "record."
Any electronic method of signing a computer-processible record.
A physical likeness of an individual signature applied electronically and bound to the content via cryptographic technology.
The integrity of a record refers to its being complete and unaltered.
Data about the data; the description of the data resources, its characteristics, location, usage, etc. Metadata is used to identify, describe and define user data.
PKI supports the application of digital signature technology. It is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates.
Any document, book, paper, photograph, map, sound recording or other material, regardless of physical form or characteristics, made or received pursuant to law or in connection with the transaction of official business (Section 109.210.5, RSMo.).
A listing and description of the record series maintained by all or part of an organization, prescribing the period of time that each series is to be maintained after no longer needed for current business.
The length of time a record series is to be kept after no longer needed for current business.
An action or set of actions occurring between two (2) or more persons relating to the conduct of business, commercial or governmental affairs.
[Ord. No. 1787, 1-6-2025]
A.
Any person or entity using electronic records and signatures to conduct official City business shall:
1.
Only use electronic signatures for appropriate business purposes;
2.
Adhere to requirements set forth by the City of Concordia;
3.
Protect and not disclose or make available their digital signature, private key or password to other people;
4.
Comply with requirements of professional governing boards with regards to electronic signatures, electronic seals and electronic notarizations; and
5.
Report any suspected or fraudulent use of signatures immediately.
[Ord. No. 1787, 1-6-2025]
A.
B.
How to choose an electronic signature:
1.
Be familiar with the City's policy and procedures for using electronic signatures, including the Electronic Records and Signature Policy.
2.
Understand when electronic signatures cannot be used (see Section 138.040(A)(1) for a complete list of exceptions).
3.
Do a cost-benefit analysis to evaluate current business processes to determine if electronic signature technology is required.
4.
Do a risk assessment to help decide whether electronic signatures are feasible and, if so, what type of electronic signature is needed.
5.
Consult with the Administration for technical questions and for assistance in choosing the right PKI digital signature technology, if needed.
6.
Always protect and do not disclose or make available a digital signature private key or password to others.
7.
Notify the City Administration when individuals or entities are no longer authorized to conduct electronic business so that IT can maintain accurate revocation information.
8.
Document electronic signature processes and coordinate them with Records and Information Management (RIM) and administrative policies and procedures.
C.
Retain electronically signed records and associated metadata according to approved records retention schedules.
1.
Electronically signed records must contain the following minimum information so the entire record and associated metadata can be reproduced in an arrangement that permits the person viewing or printing it to verify:
[Ord. No. 1787, 1-6-2025]
[Ord. No. 1787, 1-6-2025]
This policy is approved for use as indicated by the approval of the Board of Aldermen and the signature of the Mayor below (see Ord. No. 1787 for signature on file).