At the heart of company business processes, ERP, whether an in-house or vendor solution, is changing to adapt to companies’ new digital habits.
The process for “natively” associating an electronic signature with it varies according to requirements.
ERP vendors and owners
similar electronic signature requirements
For several years now, ERP has helped organizations with their financial, inventory, production and team management. As the economy becomes increasingly digitized, these solutions are changing, whether they are part of a vendor software package or developed and maintained in-house by the companies which use them.
Common requirements for these multi-task management solutions relate to:
- The digitization of financial management and its tax implications,
- The accelerated transition to a paperless customer relationship, particularly with a view to optimizing conversion rates.
Electronic signature is a fitting response to both of these challenges. In the first case, to transition to a real electronic invoice with fiscal value, and in the second, to enable online contracts to be signed. But its characteristics vary in the different situations.
Server stamps
for electronic invoices
In order to be considered as original with fiscal value, and therefore legally equivalent to the original paper invoice, the invoice must follow a fully digital process from its creation, transmission and receipt through to archiving. The server stamp is the digital equivalent of the company’s stamp and certifies the authenticity of the invoice.
In concrete terms, each invoice produced, validated and transmitted by the information system has previously been digitally signed with a digital certificate in the name of the company or legal entity. This is made possible by a PKI (Public Key Infrastructure) which issues the certificate.
For in-house and vendor ERP solutions, the certificate can be issued by an external trusted authority. But, if it wants to, the software vendor can integrate the PKI, associated with an HSM (Hardware Security Module) and dedicated governance policy, directly into the tool or become a trusted authority itself.
In this case, the ERP vendor must add a strong authentication, electronic signature and digital archiving system. In particular, it must use an advanced e-signature (according to the eIDAS regulation) which can be uniquely linked to an identifiable signatory who has sole control of the data used to create the signature.
Finally, the data and any subsequent changes must be traceable. The end goal is a reliable audit trail.
An additional personal signature certificate
for paperless contracts
Signing a contract involves obtaining the consent of the parties present. Although a company can easily commit to an online contract with its server stamp, the other contracting party isn’t necessarily equipped with their own electronic signature, particularly if it’s a private individual rather than a company.
In this case, the company can issue the third party with a certificate in their name, on the fly and with a short validity period (duration of the session for example). This is called a personal signature certificate.
In addition to obtaining strong authentication of the signatory and their signature (and therefore consent) for the document, the system must also enable a complete file of evidence to be compiled (digital traceability of whole signature workflow) and the signed document to be legally archived. Of course, archived documents must be accessible to the relevant people if necessary.
For ERP owners and software package vendors, this involves implementing a two-factor strong authentication solution such as a login/password pair associated with :
- An OTP (one-time password) received via text or a dedicated app (Google Authenticator for example)
- A named certificate in the device’s trust store.
It would seem that whatever the requirements or situation, combining ERPs and electronic signatures is now inevitable. But like in the “physical world”, simplicity and legal security will play a crucial role in its widespread adoption.
Digitalberry assists you in the implementation of your electronic signature projects from conception to integration, so you can have the best solution that suits your needs.
