Full Compliance with Geograpical Industry Regulations
In recent years, most countries worldwide have adopted legislation and regulations that recognize the legality of a digital signature (standard electronic signatures) and deem it a binding signature. In addition to governments, many industries have established regulations (e.g., FDA 21 CFR Part 11 in the Life Sciences industry) that define digital signatures as a replacement for handwritten signatures.
The CoSign digital signature solution supports compliance with numerous regulations even in the most tightly regulated industries and geographies. With the proper standard operating procedures in place, CoSign complies with ESIGN, EU directives and VAT law, HIPAA (and JCAHO), the FDA's 21 CFR Part 11, USDA, the Sarbanes-Oxley Act, and many more. CoSign will also support the new EU regulations on digital signatures that are expected to be established this year by the EU commission.
Related Legislation on Digital Signatures in the US and Worldwide:
Industry Regulations and Standards
CoSign Certifications for Digital Signature Directives
CoSign also follows the internationally approved Common Criteria security standard (ISO/IEC 15408) by using smartcards that are Common Criteria CWA 14169 certified within the CoSign hardware enclosure. The Common Criteria SSCD validation provides compliance with EU Electronic Signature Directives (European Union Directive 1999/93/EC on Electronic Signature).
Typical Legislation Requirements for Digital Signature Directives
Digital signature regulations vary from country to country. Taking the European Electronic Signature Directive (EC Directive 99/93 on Electronic Signatures) as an example, the requirements for a standard (advanced) Electronic Signature are:
- It is uniquely linked to the signatory.
- The signature-creation-data used for signature generation cannot, with reasonable assurance, be derived, and the signature is protected against forgery using currently available technology.
- It is created using means that the signatory can maintain under his sole control.
- It is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
Is CoSign a Secure Signature Creation Device (SSCD)?
The European Directive (EC Directive 99/93 on Electronic Signatures) defines SSCD as:
- Secure signature-creation devices must, by appropriate technical and procedural means, ensure:
Secure signature-creation devices must not alter data to be signed or prevent such data from being presented to the signatory prior to the signature process.
- The signature-creation-data used for signature generation can practically occur only once, and that their secrecy is reasonably assured.
- The signature-creation-data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology.
- The signature-creation data used for signature generation can be reliably protected by the legitimate signatory against the use of others.
CoSign complies with the SSCD requirements defined by the EU electronic signature directive in the following ways:
- CoSign is available as FIPS 140-2 level 3 validated for those EU member states requiring such a certification for SSCD devices.
- The CoSign SSCD model includes CWA approved smartcards for EU member states requiring this specific certification for SSCD devices.
2 Minute Overview
Want to try CoSign Central or Cloud