The Role of the Business Manager in Implementing an Electronic Transaction Process
Electronic Signatures and Electronic Records Under Colorado’s Uniform Electronic Transactions Act (UETA)
Colorado Department of State, 1700 Broadway, Suite 300, Denver, CO 80290 303-894-2200 Fax: 303-869-4871 www.sos.state.co.us
10/19/05 2

Licensing Division
Secretary of State’s Office
- Barbara Groth, J.D., UETA Program Manager
- Phil Gehlich, UETA Program IT Analyst
- Carrie London, Administrative Assistant

Business Manager’s Role
- Existing electronic processes or records
  - Database information collection, storage and retrieval
  - Email
  - Internal time cards, leave slips, expense reports

Business Manager’s Role
- New electronic process
  - Often involves “converting” a paper process to an electronic process
  - Critical to document workflow and procedures as initial step
  - Opportunity for re-engineering paper process
  - Be open-minded – electronic process need not “duplicate” paper process

Business Manager’s Role
- Electronic process
  - Perform risks analysis
  - Perform benefits analysis
  - Perform costs analysis
  - Consider legal, business and technology issues and options in each analysis

Business Manager’s Role
- Electronic process
  - Consider quantitative factors, e.g.
    - Reduction in cost for storage of paper records
    - Less time spent inputting data or processing applications
    - Greater accuracy due to reduction of transcription errors
    - Cost of new equipment or software
    - “Instantaneous” transmission, compared to time and expense of mail or courier

Business Manager’s Role
- Electronic process
  - Consider qualitative factors, e.g.
    - Change in customer satisfaction
    - Potential for increase or decrease in fraud

Business Manager’s Role
- Consult with your legal advisor in AG’s office
- Consult with your IT advisors
- Consult with the UETA team

Business Manager’s Role
- Legal issues
  - Statutory requirements or prohibitions
  - Federal Laws & Regulations, e.g.
    - Health Insurance Portability and Accountability Act (HIPAA)
    - Drivers Privacy Protection Act (DPPA)
  - Colorado Laws & Rules, e.g.
    - Prohibitions on using or recording SSNs (see 23-5-127, C.R.S.; 4-3-506, C.R.S.)
    - Open records laws

Business Manager’s Role
- Examine why pen and ink (“wet”) signature is requested on a paper document
  - It’s required by law
  - It serves an important purpose, even if not mandated
  - It’s “always been done that way”

Business Manager’s Role
- Purpose of a signature
  - Serve to authenticate a record by identifying the signer with the signed record
  - Serve “ceremonial” function – call signer’s attention to significance of signing and potential legal implications
  - Serve to express signer’s approval or agreement of contents
  - Serve to express finality of document (not a draft; not accidentally submitted)

Business Manager’s Role
- If signature needed on electronic record:
  - What type of electronic signature?
  - Create document/form to capture signer’s intent to sign
  - Create document/form to fulfill reason for requesting signature

Business Manager’s Role
- Evaluate whether these attributes of your electronic process need be set at low, medium or high level
  - Authentication
  - Confidentiality
  - Integrity
  - Non-repudiation
  - Authorization
  - Auditability
  - Preservation

Business Manager’s Role
- Authentication
  - The process of identifying an individual
  - Authentication merely ensures that the individual is who he or she claims to be
  - Authentication says nothing about the access rights of the individual
  - Not necessarily the same as an electronic signature, which must demonstrate intent to sign
  - May not care about identity in some cases

Business Manager’s Role
- Confidentiality
  - Assurance that information is not disclosed to unauthorized persons, processes, or devices
  - Assurance that information is protected against intentional or accidental unauthorized disclosure

Business Manager’s Role
- Integrity
  - Information protected against corruption, tampering, or other alteration
    - By unauthorized persons
    - By accidental actions of authorized persons
    - By intentional actions of authorized persons
  - Assurance of accuracy and completeness of information
    - Need to capture questions asked on form, not just responses

Business Manager’s Role
- Non-repudiation
  - Evidence that can be used to contradict a person who is (falsely) denying sending or receiving a specific communication or engaging in a specific transaction.

Business Manager’s Role
- Non-repudiation
  - Some authorization and electronic signature technologies, e.g. digital signatures, assure high confidence that identity or signature cannot be repudiated
    - Such technologies also assure that any change in document after digital signature applied will invalidate signature
    - Content of document can’t be repudiated if digital signature still valid

Business Manager’s Role
- Non-repudiation
  - PINs and passwords easily compromised
    - People can’t remember them, so they write them down
    - People intentionally let others “borrow” them
    - People using same computer can often discover them
    - People may intentionally use one PIN or password for multiple people, such as both spouses
    - People are scammed into revealing them through “phishing” attacks or social engineering
    - They can be hacked, intercepted, etc.
  - PINs and passwords do not assure that data not changed
  - PINs and passwords provide low (no?) assurance of non-repudiation

Business Manager’s Role
- Authorization
  - The process of granting or denying access to systems, networks or applications based on identity

Business Manager’s Role
- Auditability
  - Also referred to as Accountability
  - The ability to identify the person or organization that performed, or is responsible for, the actions affecting information
  - “Audit trail”
    - Who, what, when, how

Business Manager’s Role
- Preservation
  - Consider records retention issues
  - More problematic to store electronic records long term in usable form than paper
  - Must be able to migrate applications/systems as versions/equipment changes
  - Electronic records with “secure” signatures especially difficult

Conclusion
- Business manager must take the lead in
  - Managing an electronic process implementation
  - Reviewing existing electronic processes
- Should request input from other sources: Legal, IT, UETA
- Should understand laws and rules that may affect implementation of process

Conclusion
- Business manager has role in shaping ultimate form of UETA rules through involvement of UETA team with your analysis and implementation
  - We’ll learn from your experience and it will help us shape rules that work
  - Your implementation much more likely to be compliant with rules finally adopted

Additional Information
- Contact a member of the UETA Team
- Licensing tab at www.sos.state.co for info on UETA Program
  - General Information
  - UETA Statute (24-71.3, C.R.S et seq.)
  - FAQs about UETA (the Act)
  - Glossary
  - Power Point Slide Shows
  - Calendar of Presentations and Demonstrations
  - UETA Task Force
  - Resources & Links

Contact Information
Colorado Department of State
Licensing Division, UETA Program
1700 Broadway, Suite 300
Denver, CO 80290
303 894-2200
Barbara Groth – ext. 6423
Phil Gehlich – ext. 6624