Wet Signature Working Group

Background

The aim of this working group was to identify local authority services that include a handwritten signature or seal to endorse a document or contract (a ‘wet signature’) and provide the information needed to acquire and operate an e-signature solution, which meets a set of requirements and is fit for purpose and cost effective.

Over a three-month period, officers from diverse backgrounds and perspectives committed up to two hours of their time per week to help identify opportunities, agree activities, and deliver a set of authority agnostic recommendations.

The group had contribution by officers from:

Bridgend
Cardiff
Carmarthenshire
Conwy
Flintshire
Monmouthshire
Pembrokeshire
Rhondda Cynon Taff
Vale of Glamorgan

Activities

The group started by each officer communicating how they imagined the services they operate improving in the future because of positive change resulting from the outputs of the working group.

They considered and categorised each contribution into one of four similar themed ‘problem-to-solve’ bucket. Each problem was converted into a question which if answered would go towards addressing the problem. The problem questions were:

How can we explore what services need wet signatures and understand/document their requirements, including an indication of scale of use?
How can we be certain that the person on the keyboard accessing our services digitally is the person they say they are and be able to prove that fact so that it could be legally backed-up?
How can we best share ideas and solutions for moving away from wet signatures, and then discover a sufficient and secure platform for all to use which legally complies to all regulations?
How can we develop a standardised and efficient method of achieving “suitable authorisation” that does not require staff to travel into the office to print and post paper documents?

Following discussion, the group decided to focus on problem question one.

Serendipitously Carmarthenshire was already looking into opportunities to reduce the number of wet signatures and the progress it had already made proved to be immensely helpful in moving the working group discussions forward.

Next the group mapped out the steps required to answer the question. This started with identifying the key players effected, ranging from service users (with high and low technical capabilities) to operation managers and potential solution vendors.

The working group ended with the desired outcome, which for this group was an understanding of what services need wet signatures and the associated requirements, including for each the scale of use.

The contributors went away to discover what services within their authority used wet signatures, and through subsequent discussion, distilled the findings into categories (e.g., housing, legal, and procurement) to provide a more manageable indicator of which services would best benefit from a reduction in wet signature dependency.

Marketplace

The working group identified two clear incumbent e-signature vendors: Adobe Sign and DocuSign, with HelloSign and Onespan Sign seen as a credible alternates.

Recommendation

Establish an e-signatures Community of Practice, with representation from each of the 22 authorities (also useful for gaining an understanding of what solutions are already in place and how they are used).

Recommended process to acquire and operate an e-signature solution

Consult other local authorities with experience of e-signatures.
Carry out internal research into what services need wet signatures and ascertain if there are any legal risks for replacing with e-signatures.
Gain a good understanding for each service under consideration and the scale of use i.e., the number of required wet signatures per month or year.
Get to a better understanding of the potential issues of adopting e-signatures by piloting with a couple of internal teams using at least two potential e-signature solutions.
Get agreement from all stakeholders on which services are within the initial scope.
Look into joint procurement opportunities i.e., work with other local authorities seeking a similar reduction in wet signatures.

Recommendations requiring centralised funding

To be carried out by a suitably skilled Business Analyst and shared with all the local authorities:

Develop a set of solution agnostic e-signature user story maps. See example format in Appendix I.
Develop a set of solution agnostic e-signature functional and non-functional requirements that cover most of the likely e-signature service needs to help improve the quality of any procurement undertaking. See example in Appendix II.
Seek out economies of scale opportunities where Welsh Government procure an e-signature license and support for each authority with each LA chipping in on a pro rata basis.
Have a recommended e-signature solution to introduce a consistency of approach across LAs.

Contributors

A special thanks to the working group contributors:

Cheryl Canham, Duncan Betteley, Ellie Hughes, Jade Powell, Jason Snead, Kyle Brown, Rob Brookes, Simon Williams, Stephanie Harris, and Victoria Davidson.

Appendices

Appendix I User Story Map

User Story Grid
As a …	I want to …	So that I can …	Must/Should/Could

Appendix II System Requirements Specification (EXAMPLE)

	Application Requirements	Essential or Desirable
1	To meet all statutory requirements including Welsh language and Data protection legislation
1.1	The platform must be fully compliant with GDPR 2018 requirements including functionality that enables citizens to exercise the ‘right to be forgotten’, erasure of records and partners to easily comply with the request.
1.2	For all customer facing elements to be fully bilingual, including the ability to request a language preference and be fully compliant with Welsh Language Standards.
1.3	The application must have the ability to apply retention policies to all data to allow compliance with GDPR.
1.4	The mobile application must be compliant with SRS ICT security policies
2	Basic Person Information (BPI)
2.1	The application will record key Basic Person Information (BPI) such as unique person identifier, name, address etc
2.2	It must be easy to tailor the BPI record and add additional fields as required. There must be the ability to apply validation and mandatory fields.
2.3	Ability to use multiple fields to easily search and find a user on the system.
2.4	Controlled read, write, and edit permissions against each user must be easy to set by systems administration.
2.5	Ability to find duplicate records and merge into one.
3	Auditing
3.1	To be able to identify any aspect of a record that has been modified internally e.g., where details have been added/amended or deleted. Need to be able to have a full audit trail and be able to pinpoint what has been changed internally
3.2	Standard Application Audit reports are available and configurable to provide information about all aspects of system usage during a set period.
4	Access Rights and Permissions
4.1	It is essential that we can assign different access rights to users based on the information they need to see, and the functionality required. A simple screen so systems administration can change permissions and rights is essential.
5	System Administration
5.1	Ability for system administrators to add, amend and delete system users.
5.2	Ability for authorised users to add, amend and delete users.
5.3	Ability for system administrators to add, amend and delete teams, clusters, and groups.
5.4	The ability to customise content including reports, design, colours, menus, menu options and fields, link, categories, and tabs within the application.
6	Training
6.1	The Supplier will provide a set number of application training days.
6.2	The Supplier must be explicit about the cost, type, and number of training days to be provided as part of their formal tender submission.
6.3	Training will take place locally using training rooms throughout the County.
6.4	The Supplier will provide all staff with support materials including application documentation at the training session.
6.5	The application documentation will vary according to the type of training and staff attending.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.