The handwritten signature exists in the digital age too. But there are so many different names for it: electronic signature, qualified electronic signature, digital signature – what’s the difference between them? And what do they all mean anyway?
We come across electronic signatures every day in all sorts of contexts and systems. Often, it’s not even something that would have merited a formal signature in the analog age. In many non-critical cases, no special measures are necessary – for example, with a simple vacation approval. However, the process of replacing a paper document and manual signature with its electronic equivalent is more complicated.
To better understand how they interrelate, we should start by clarifying the terms. Electronic signatures exist in various forms; or to be more precise, there are different procedures which generally build on each other. The starting point is the “simple electronic signature”. The “advanced electronic signature” and the “qualified electronic signature” (QES) offer progressively more security.
The start of the whole process is authenticating a user against a software system. This authentication is usually password-based. The system determines what levels of authorizations the user in question has and whether their role permits them to sign a vacation approval, for example. A simple electronic signature has now been applied.
Simultaneously, modern quality management systems utilize audit trail functionalities to record who has worked on which process step, in which area and when, and which contents were modified in the process. However, simple authentication has its limitations: for example, if the user leaves their workstation without locking the system, there could be a security vulnerability.
The advanced electronic signature comes into play to protect against this vulnerability and give higher-quality confirmation of identity. For example, the user must enter their name and password completely every time a critical process step is called up – even if the user is already logged on to the system and has been authenticated.
Finally, the qualified electronic signature is used for particularly critical cases. This offers the greatest security and is the only digital signature form that is legally equivalent to the handwritten signature. One of the measures that guarantees its high level of security is the integration of external certification bodies that are legitimized and controlled by state authorities – the Federal Office for Information Security in Germany.
From simply initialing to legally binding personal signatures: everything that in the past was only possible using pen and paper can now be achieved with digital tools. The higher the need for security, the more stringent the authentication procedures become. This is where modern software-based QM systems show their strengths: they offer flexible deployment scenarios and also strike the best balance between user-friendliness and security.
Of course, we are always available to you for a personal discussion. Just send us an email or give us a call. Our digitalization experts look forward to discussing your digital ideas with you.