Home » Procountor Signatur » Procountor Signatur – Service description

PROCOUNTOR SIGNATUR – SERVICE
DESCRIPTION

1 OVERVIEW

Procountor Signatur, currently produced by Verified Global AB, is a digital signature solution
that enables signing of PDF documents digitally regardless of time and location.

The solution does not require software installations. The solution can be used as long as
users have access to a web browser, an internet connection and an email address. When
strong authentication is used as a signing method, users are also required to have online
banking credentials or other form of authentication when applicable.

The solution enables sending documents for signing using either basic or strong
authentication. The solution supports multiple signing methods from basic to advanced
electronic signatures.

The customer is responsible for ensuring that the solution is suitable for its intended
purpose. For example, the customer must ensure that signing documents with the solution
does not pose a risk to the customer itself or to third parties such as its business partners or
natural persons.

2 ACTIVATION

Procountor Signatur can be activated by completing the onboarding form that can be found
from procountor.se website.

The activation process proceeds as follows:

  • The subscriber provides personal information and accepts the terms of use and privacy policy.
  • The subscriber strongly authenticates themselves using their online banking credentials.
  • The subscriber provides organization information.
  • The subscriber is shown an order summary. By confirming that the information provided in the order summary is correct, the order is completed and an account is created.
  • The subscriber receives an order confirmation via email.

Within a few minutes after completing the order form, the subscriber receives an email
containing the order confirmation and instructions for activating the account.

By clicking the account activation link, the subscriber can create their personal user account
and login crendentials. Thereafter Procountor Signatur is available for use.

The login credentials for Procountor Signatur are not linked to Procountor product
portfolio’s other products’ login credentials, should the user have other products in use
from Procountor product portfolio.

After logging in to Procountor Signatur, the user can invite other users to use the solution if
needed.

3 PRICING AND BENEFITS

SIMPLE PRICING

The pricing for Procountor Signatur is based on transaction usage. The solution charges for
each transaction made as follows:

  • Digital signature: 20 SEK per signature
  • Signing invitation via SMS: 2 SEK per SMS invitation sent
  • Additional recipient authentication (before the recipient is able to open and view the sent document): 3 SEK per authentication
  • Passport reader authentication: 80 SEK per authentication

There are no setup or monthly fees. Invoicing is based on the number of monthly
transactions made.

The effective pricing for Procountor Signatur can be found from procountor.se website.

QUICK AND EASY SETUP

Procountor Signatur can be immediately accessed by completing the onboarding form and
activating the user account.

EASY-TO-MANAGE SIGNING EXPERIENCE

With Procountor Signatur, sending documents to be digitally signed and tracking the status
of the documents is fast and effortless.

The user that is sending a document for digital signing can choose the most suitable signing
method for each situation. There are several signing methods available: recipients can sign
with strong authentication, email links, SMS messages or touch sign.

The solution enables the user to define signing schedule, signing order and sending
reminders to signatories.

REAL-TIME TRACKING OF SIGNATURES

Procountor Signatur sends email notifications when a sent document has been digitally
signed.

Users can set up automatic reminders in the solution and users can also manually send
reminders whenever necessary.

DOCUMENTS IN A LONG-TERM AND SECURE ARCHIVE

Procountor Signatur stores the documents automatically in a secure archive for up to 10
years. Data is protected with TLS v1.3 encryption and according to Advanced Encryption
Standard 265.

Documents can be searched from the archive using search function. Additionally, you can
categorize documents in the solution or add tags to facilitate document management.

Documents can also be downloaded and saved to other systems.

4 MAIN FUNCTIONALITIES

SENDING A NEW DOCUMENT:

  • To initiate a new digital signing process in Procountor Signatur interface, start by clicking the ”Start” button on the dashboard.
  • Select the desired workflow for the signature process.
  • Upload the set of documents to be sent. With a single submission, you can send up to 10 main agreements and an unlimited number of attachments.
  • Add tags or other metadata to facilitate document management in the archive.
  • Add signatories/approvers.
  • Define the recipient’s role (signatory or approver) and the desired signing method.
  • Define whether the recipients will sign/approve concurrently or sequentially. The document is considered complete only after all parties have signed/approved it.
  • Review the submission: check that all necessary documents are included and the recipients are correct. Optionally, set a deadline for the documents and add a personal greeting. Then, send the documents for signing/approval.

On the dashboard users you can track the status of the submission and send reminders to
signatories/approvers as needed. The status is updated as signatories/approvers open their
emails, view the documents, reject, or sign/approve them.

SIGNING / APPROVAL OF DOCUMENTS:

  • The recipient opens the document from their email. If additional strong authentication is used (e.g. for highly sensitive content), then the solution requires the recipient(s) to strongly authenticate themselves before opening the document.
  • Read the document, then sign or approve it (depending on the role assigned by the sender).
  • Signing is done using the method specified by the sender.
  • Rejection options are available if the recipient chooses to decline to sign or approve the document.
  • The recipient can also monitor the status of signatures/approvals/rejections done by other recipients.

ARCHIVING DOCUMENTS:

  • A completed signed document is automatically stored to the archive.
  • A notification email is sent automatically to signatories, allowing them to access the document. The link to the document is active for 90 days after the document is completed.
  • Additionally, signed documents can be downloaded and saved in a system of your choice.
  • Each signed document is traceable up to the point of signature. The document’s integrity can be verified due to its sealing.
  • Documents can be stored in the archive for up to 10 years.
  • The solution’s security complies with ISO 27001 and all data is stored within the EU.

USER ACCESS MANAGEMENT:

  • The user that activates the account for an organization automatically receives admin
    rights for their account.
  • The admin user has control of the functionalities for granting access to additional
    users, modifying users’ access rights and management of the account settings.
  • Users can be assigned different roles: basic user, privileged user and admin user.
  • Users can have access to one or more accounts.

USER SETTINGS MANAGEMENT:

  • User interface language (SWE, ENG)
  • User contact information
  • Default email language and default greeting
  • Default signing method
  • Reminder settings
  • Management of email notifications during the signing process

ACCOUNT SETTINGS MANAGEMENT:

Organization’s contact information

  • Setting of organization logo for outgoing emails
  • Default email language and default greeting
  • Default signing method
  • Reminder settings
  • User management (including user access rights and statuses)
  • Adding new users to the solution and removing existing users

5 LEGAL VALIDITY

Procountor Signatur complies with the eIDAS Regulation set by the European Union on
electronic identification and trust services for electronic transactions in the European Single
Market. The eIDAS Regulation’s intent is to enable convenient and secure electronic
transactions across EU borders for citizens, businesses, and public sector institutions.
Regulation (EU) No 910/2014 (eIDAS Regulation) went into force on 1 July, 2016, being
mandatory and fully adopted in all EU member states, with precedent over any conflicting
national laws.

eIDAS ensures that each form of electronic signature is admissible as evidence in EU courts
and shall not be denied legal effect solely because it is in electronic form. However, the
enforceability of an agreement made using electronic signatures is depending on the type of
electronic signature used and its embedded evidence. A scanned image of a written
signature is more likely to be challenged in court versus a qualified electronic signature
meeting multiple EU technical standards and containing significant embedded signer
information.

eIDAS differentiates four different levels of electronic signatures, of which level 1 (lowest
level) is not in scope of the eIDAS regulation. We will focus on eIDAS assurance levels 2 till 4
in the following paragraphs.

BASIC ELECTRONIC SIGNATURES

The basic electronic signature will suffice e.g. for accepting a delivery package, checking a
digital box on a desktop screen or scanning a manually signed document. This may either be
a signature that’s manually put on a desktop screen (after which it’s digitally saved) or a
click on an ‘I accept’ button.

Generally, this type of signature is mainly used in lower-value processes, as there is no
foolproof way to confirm the identity of the signer. If someone would copy another person’s
signature and put it on the document, it would be difficult to prove (or even discover) that.
Using the basic electronic signature in legally valid documents could obviously pose an issue, depending on the process in place. Therefore, a signature on insurance, financial, or real estate documents, for example, should meet stricter requirements so it can be connected to the signer with (more) certainty.

According to eIDAS, at the basic level, an electronic signature can be defined as:

“Data in electronic form which is attached to or logically associated with other data in
electronic form and which is used by the signatory to sign.”

Taking this definition literally, you can sign a document simply by scanning your signature or
ticking a box in a document opened on your device of choice. Technically, the data is in
electronic form and attached to a file, but there are problems with this model which eIDAS
is trying to address.

As you might already have guessed, this isn’t covering the purpose of signing a document at
all. The document can still be tampered with, and a “signature” can easily be forged (i.e.,
we cannot be sure who ticked the box to confirm the terms and conditions were accepted).
Simply put: Neither integrity nor authenticity of the document are guaranteed.

ADVANCED ELECTRONIC SIGNATURES

Under eIDAS, this is a type of electronic signature that must meet specific requirements
providing a higher level of signer ID verification, security, and tamper-sealing. The main
requirements are:

  • Uniquely linked to the signer, enabling its identification
  • The signer can use the signature creation data under their sole control with a high
    level of confidence
  • Any subsequent changes in the signed data can be detectable

Using digital signatures that are applied with a digital certificate satisfies all of the above
requirements. Digital certificates are obtained after a thorough verification of an
individual’s identity by a trusted third party (e.g. certificate authority). Digital certificates,
and their resulting signatures, are unique to the individual and virtually impossible to spoof,
achieving the two requirements above.

Because the signatory is the sole holder of the private key which is used to apply the
signature, you can be assured that the signer is the person who they say they are. Finally,
part of the signature verification process, which automatically occurs when a recipient
opens the document, includes checking to see if any changes have been made to the
document since it was signed.

QUALIFIED ELECTRONIC SIGNATURES

This is the only electronic signature type to have special legal status in EU member states,
being the legal equivalent of a written signature. It must meet advanced electronic
signature requirements and be backed by a qualified certificate, meaning a certificate
issued by a trust service provider that is on the EU Trusted List (ETL) and certified by an EU
member state. The trust service provider must verify the identity of the signer and vouch
for the authenticity of the resulting signature. Furthermore, the signature has been given by
approved means like a qualified signature creation device.

The legal framework of the country you are operating in defines if there is a need for a
qualified signature or if an advanced electronic signature is considered as legally binding.
However, depending on the type of business you are in, a qualified electronic signature
might be the right one to choose for you. For instance, any business that is exposed to a
high risk of scam or fraud might consider having a more secure signing system implemented.
This could be businesses operating in the financial, insurance, healthcare or
telecommunications sector, as well as governmental institutions.

WHAT IS THE DIFFERENCE?

As explained above, electronic signatures are classified by the level of assurance they offer.
Each of the three types of electronic signatures can be legally effective under eIDAS. A basic
level of integrity is always guaranteed in the sense that content can’t be altered after
signing the document. But the levels of security differ significantly, and if you ever need to
prove to a court a signature is genuine and was intentionally put on a particular document,
there’s a difference in the evidence you must provide.

6 PROCOUNTOR SIGNATUR VERIFIES THE
VALIDITY OF DOCUMENTS

  • Identifies the signer
  • Verifies the signer when necessary (e.g. for sensitive material) before opening
    documents
  • Ensures the integrity of the signed document

The uncertainty related to the enforceability of documents signed using advanced electronic
signatures is lower in comparison to traditional handwritten signatures on paper documents.

7 SECURITY

Security is of paramount importance to Accountor Finago. It is a key consideration in all
aspects of the company’s operations. Several methods are employed to protect confidential
information:

  • Procountor Signatur enables secure signatures by using advanced electronic
  • signatures (e.g. Swedish BankID)
  • A cloud-based security architecture is used. Numerous controls are employed to
    safeguard your data including encryption in transit and at rest across cloud services,
    external vulnerability research such as continuous penetration test program, and
    more.
  • Rigorous security testing is performed including threat-modeling, automated
    scanning, and third-party audits
  • Protective processes are in place to ensure ongoing management of information
    security risks and vulnerabilities
  • Access to customer data is restricted and only granted based on support or service
    requests
  • All customer data is stored within the EU region. Business processes and security are
    aligned with ISO 27001

Procountor Signatur is currently produced by Verified Global AB, an electronic signature
service provider. Verified’s strong authentication service providers in the EU – BankID (SE),
BankID (NO), FTN (FIN), and NemID (DK) – are registered as authorized service providers in
the EU.

8 ADDITIONAL INFORMATION

To activate the service, please submit the onboarding form that can be found from
Accountor Finago’s website (procountor.se).

To log in to the service, use the following login address:

  • Login URL: signatur.procountor.com
  • Login page can also be found from procountor.se website via ”Login” option