Home » Procountor Signatur » Procountor Signatur – Service description PROCOUNTOR SIGNATUR – SERVICEDESCRIPTION Read Service description 1 OVERVIEW Procountor Signatur, currently produced by Verified Global AB, is a digital signature solutionthat enables signing of PDF documents digitally regardless of time and location. The solution does not require software installations. The solution can be used as long asusers have access to a web browser, an internet connection and an email address. Whenstrong authentication is used as a signing method, users are also required to have onlinebanking credentials or other form of authentication when applicable. The solution enables sending documents for signing using either basic or strongauthentication. The solution supports multiple signing methods from basic to advancedelectronic signatures. The customer is responsible for ensuring that the solution is suitable for its intendedpurpose. For example, the customer must ensure that signing documents with the solutiondoes not pose a risk to the customer itself or to third parties such as its business partners ornatural persons. 2 ACTIVATION Procountor Signatur can be activated by completing the onboarding form that can be foundfrom procountor.se website. The activation process proceeds as follows: The subscriber provides personal information and accepts the terms of use and privacy policy. The subscriber strongly authenticates themselves using their online banking credentials. The subscriber provides organization information. The subscriber is shown an order summary. By confirming that the information provided in the order summary is correct, the order is completed and an account is created. The subscriber receives an order confirmation via email. Within a few minutes after completing the order form, the subscriber receives an emailcontaining the order confirmation and instructions for activating the account. By clicking the account activation link, the subscriber can create their personal user accountand login crendentials. Thereafter Procountor Signatur is available for use. The login credentials for Procountor Signatur are not linked to Procountor productportfolio’s other products’ login credentials, should the user have other products in usefrom Procountor product portfolio. After logging in to Procountor Signatur, the user can invite other users to use the solution ifneeded. 3 PRICING AND BENEFITS SIMPLE PRICING The pricing for Procountor Signatur is based on transaction usage. The solution charges foreach transaction made as follows: Digital signature: 20 SEK per signature Signing invitation via SMS: 2 SEK per SMS invitation sent Additional recipient authentication (before the recipient is able to open and view the sent document): 3 SEK per authentication Passport reader authentication: 80 SEK per authentication There are no setup or monthly fees. Invoicing is based on the number of monthlytransactions made. The effective pricing for Procountor Signatur can be found from procountor.se website. QUICK AND EASY SETUP Procountor Signatur can be immediately accessed by completing the onboarding form andactivating the user account. EASY-TO-MANAGE SIGNING EXPERIENCE With Procountor Signatur, sending documents to be digitally signed and tracking the statusof the documents is fast and effortless. The user that is sending a document for digital signing can choose the most suitable signingmethod for each situation. There are several signing methods available: recipients can signwith strong authentication, email links, SMS messages or touch sign. The solution enables the user to define signing schedule, signing order and sendingreminders to signatories. REAL-TIME TRACKING OF SIGNATURES Procountor Signatur sends email notifications when a sent document has been digitallysigned. Users can set up automatic reminders in the solution and users can also manually sendreminders whenever necessary. DOCUMENTS IN A LONG-TERM AND SECURE ARCHIVE Procountor Signatur stores the documents automatically in a secure archive for up to 10years. Data is protected with TLS v1.3 encryption and according to Advanced EncryptionStandard 265. Documents can be searched from the archive using search function. Additionally, you cancategorize documents in the solution or add tags to facilitate document management. Documents can also be downloaded and saved to other systems. 4 MAIN FUNCTIONALITIES SENDING A NEW DOCUMENT: To initiate a new digital signing process in Procountor Signatur interface, start by clicking the ”Start” button on the dashboard. Select the desired workflow for the signature process. Upload the set of documents to be sent. With a single submission, you can send up to 10 main agreements and an unlimited number of attachments. Add tags or other metadata to facilitate document management in the archive. Add signatories/approvers. Define the recipient’s role (signatory or approver) and the desired signing method. Define whether the recipients will sign/approve concurrently or sequentially. The document is considered complete only after all parties have signed/approved it. Review the submission: check that all necessary documents are included and the recipients are correct. Optionally, set a deadline for the documents and add a personal greeting. Then, send the documents for signing/approval. On the dashboard users you can track the status of the submission and send reminders tosignatories/approvers as needed. The status is updated as signatories/approvers open theiremails, view the documents, reject, or sign/approve them. SIGNING / APPROVAL OF DOCUMENTS: The recipient opens the document from their email. If additional strong authentication is used (e.g. for highly sensitive content), then the solution requires the recipient(s) to strongly authenticate themselves before opening the document. Read the document, then sign or approve it (depending on the role assigned by the sender). Signing is done using the method specified by the sender. Rejection options are available if the recipient chooses to decline to sign or approve the document. The recipient can also monitor the status of signatures/approvals/rejections done by other recipients. ARCHIVING DOCUMENTS: A completed signed document is automatically stored to the archive. A notification email is sent automatically to signatories, allowing them to access the document. The link to the document is active for 90 days after the document is completed. Additionally, signed documents can be downloaded and saved in a system of your choice. Each signed document is traceable up to the point of signature. The document’s integrity can be verified due to its sealing. Documents can be stored in the archive for up to 10 years. The solution’s security complies with ISO 27001 and all data is stored within the EU. USER ACCESS MANAGEMENT: The user that activates the account for an organization automatically receives adminrights for their account. The admin user has control of the functionalities for granting access to additionalusers, modifying users’ access rights and management of the account settings. Users can be assigned different roles: basic user, privileged user and admin user. Users can have access to one or more accounts. USER SETTINGS MANAGEMENT: User interface language (SWE, ENG) User contact information Default email language and default greeting Default signing method Reminder settings Management of email notifications during the signing process ACCOUNT SETTINGS MANAGEMENT: Organization’s contact information Setting of organization logo for outgoing emails Default email language and default greeting Default signing method Reminder settings User management (including user access rights and statuses) Adding new users to the solution and removing existing users 5 LEGAL VALIDITY Procountor Signatur complies with the eIDAS Regulation set by the European Union onelectronic identification and trust services for electronic transactions in the European SingleMarket. The eIDAS Regulation’s intent is to enable convenient and secure electronictransactions across EU borders for citizens, businesses, and public sector institutions.Regulation (EU) No 910/2014 (eIDAS Regulation) went into force on 1 July, 2016, beingmandatory and fully adopted in all EU member states, with precedent over any conflictingnational laws. eIDAS ensures that each form of electronic signature is admissible as evidence in EU courtsand shall not be denied legal effect solely because it is in electronic form. However, theenforceability of an agreement made using electronic signatures is depending on the type ofelectronic signature used and its embedded evidence. A scanned image of a writtensignature is more likely to be challenged in court versus a qualified electronic signaturemeeting multiple EU technical standards and containing significant embedded signerinformation. eIDAS differentiates four different levels of electronic signatures, of which level 1 (lowestlevel) is not in scope of the eIDAS regulation. We will focus on eIDAS assurance levels 2 till 4in the following paragraphs. BASIC ELECTRONIC SIGNATURES The basic electronic signature will suffice e.g. for accepting a delivery package, checking adigital box on a desktop screen or scanning a manually signed document. This may either bea signature that’s manually put on a desktop screen (after which it’s digitally saved) or aclick on an ‘I accept’ button. Generally, this type of signature is mainly used in lower-value processes, as there is nofoolproof way to confirm the identity of the signer. If someone would copy another person’ssignature and put it on the document, it would be difficult to prove (or even discover) that.Using the basic electronic signature in legally valid documents could obviously pose an issue, depending on the process in place. Therefore, a signature on insurance, financial, or real estate documents, for example, should meet stricter requirements so it can be connected to the signer with (more) certainty. According to eIDAS, at the basic level, an electronic signature can be defined as: “Data in electronic form which is attached to or logically associated with other data inelectronic form and which is used by the signatory to sign.” Taking this definition literally, you can sign a document simply by scanning your signature orticking a box in a document opened on your device of choice. Technically, the data is inelectronic form and attached to a file, but there are problems with this model which eIDASis trying to address. As you might already have guessed, this isn’t covering the purpose of signing a document atall. The document can still be tampered with, and a “signature” can easily be forged (i.e.,we cannot be sure who ticked the box to confirm the terms and conditions were accepted).Simply put: Neither integrity nor authenticity of the document are guaranteed. ADVANCED ELECTRONIC SIGNATURES Under eIDAS, this is a type of electronic signature that must meet specific requirementsproviding a higher level of signer ID verification, security, and tamper-sealing. The mainrequirements are: Uniquely linked to the signer, enabling its identification The signer can use the signature creation data under their sole control with a highlevel of confidence Any subsequent changes in the signed data can be detectable Using digital signatures that are applied with a digital certificate satisfies all of the aboverequirements. Digital certificates are obtained after a thorough verification of anindividual’s identity by a trusted third party (e.g. certificate authority). Digital certificates,and their resulting signatures, are unique to the individual and virtually impossible to spoof,achieving the two requirements above. Because the signatory is the sole holder of the private key which is used to apply thesignature, you can be assured that the signer is the person who they say they are. Finally,part of the signature verification process, which automatically occurs when a recipientopens the document, includes checking to see if any changes have been made to thedocument since it was signed. QUALIFIED ELECTRONIC SIGNATURES This is the only electronic signature type to have special legal status in EU member states,being the legal equivalent of a written signature. It must meet advanced electronicsignature requirements and be backed by a qualified certificate, meaning a certificateissued by a trust service provider that is on the EU Trusted List (ETL) and certified by an EUmember state. The trust service provider must verify the identity of the signer and vouchfor the authenticity of the resulting signature. Furthermore, the signature has been given byapproved means like a qualified signature creation device. The legal framework of the country you are operating in defines if there is a need for aqualified signature or if an advanced electronic signature is considered as legally binding.However, depending on the type of business you are in, a qualified electronic signaturemight be the right one to choose for you. For instance, any business that is exposed to ahigh risk of scam or fraud might consider having a more secure signing system implemented.This could be businesses operating in the financial, insurance, healthcare ortelecommunications sector, as well as governmental institutions. WHAT IS THE DIFFERENCE? As explained above, electronic signatures are classified by the level of assurance they offer.Each of the three types of electronic signatures can be legally effective under eIDAS. A basiclevel of integrity is always guaranteed in the sense that content can’t be altered aftersigning the document. But the levels of security differ significantly, and if you ever need toprove to a court a signature is genuine and was intentionally put on a particular document,there’s a difference in the evidence you must provide. 6 PROCOUNTOR SIGNATUR VERIFIES THEVALIDITY OF DOCUMENTS Identifies the signer Verifies the signer when necessary (e.g. for sensitive material) before openingdocuments Ensures the integrity of the signed document The uncertainty related to the enforceability of documents signed using advanced electronicsignatures is lower in comparison to traditional handwritten signatures on paper documents. 7 SECURITY Security is of paramount importance to Accountor Finago. It is a key consideration in allaspects of the company’s operations. Several methods are employed to protect confidentialinformation: Procountor Signatur enables secure signatures by using advanced electronic signatures (e.g. Swedish BankID) A cloud-based security architecture is used. Numerous controls are employed tosafeguard your data including encryption in transit and at rest across cloud services,external vulnerability research such as continuous penetration test program, andmore. Rigorous security testing is performed including threat-modeling, automatedscanning, and third-party audits Protective processes are in place to ensure ongoing management of informationsecurity risks and vulnerabilities Access to customer data is restricted and only granted based on support or servicerequests All customer data is stored within the EU region. Business processes and security arealigned with ISO 27001 Procountor Signatur is currently produced by Verified Global AB, an electronic signatureservice provider. Verified’s strong authentication service providers in the EU – BankID (SE),BankID (NO), FTN (FIN), and NemID (DK) – are registered as authorized service providers inthe EU. 8 ADDITIONAL INFORMATION To activate the service, please submit the onboarding form that can be found fromAccountor Finago’s website (procountor.se). To log in to the service, use the following login address: Login URL: signatur.procountor.com Login page can also be found from procountor.se website via ”Login” option