1108.1 PURPOSE AND SCOPE
The purpose of this Electronic Signatures policy is to enable the development and use of electronic signatures (e-sign) to support full legal effect and enforceability when conducting transactions by the Lincoln Police Department. This policy establishes the approach for adopting e-sign technology and best practices to ensure electronic signatures applied to official documents are legally valid and enforceable.
Electronic signatures are used to authenticate identity and to verify the integrity of signed electronic records. Electronic signatures document the signer's intent, provide evidence that a specific individual signed the electronic record, and maintain an auditable electronic record of the signature that cannot be changed without detection.
1108.1.1 DEFINITIONS
AUTHENTICATION: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system's resources.
DIGITAL SIGNATURE: A subset of electronic signature technology. Digital signatures encrypt documents with digital codes to verify the user's identity and support authentication, data integrity, and signer non-repudiation.
UNIFORM ELECTRONIC TRANSACTION ACT (UETA): Chapter 1A of Title 8, Code of Alabama 1975; provides legal recognition of electronic records, electronic signatures, and electronic contracts.
RECORDS DISPOSITION AUTHORITY (RDA): A document that establishes disposition requirements by designating records as either temporary records, which may be destroyed after a specified retention period, or permanent records, which must be preserved. The RDA identifies records which must be maintained permanently by local governments or by a designated records repository and provides legal authority to destroy temporary records after approval by the ADAH Records Management Section.
1108.2 POLICY
The policy of the Lincoln Police Department is to formalize and standardize the department's electronic signature requirements for the e-sign technologies used to sign department electronic records.
The use of electronic signatures by the Lincoln Police Department shall comply with federal and state standards and statutes (e.g., Federal Information Processing Standards (FIPS) and the Privacy Act; the Alabama Uniform Electronic Transactions Act ("UETA"), Section 8-1A-1 et seq. of the Code of Alabama 1975).
1108.3 CREATION AND RETENTION OF ELECTRONIC RECORDS
Pursuant to Section 8-1A-17 of the Code of Alabama 1975, the Lincoln Police Department hereby affirms its commitment to generating and preserving electronic records, as well as converting written records into electronic format when authorized. This practice will be carried out in strict adherence to the regulations stipulated by the State Records Commission.
Furthermore, the Department is authorized to produce retrievable electronic records or copies, whether by optical scanning or alternative methods, to replicate paper original documents accurately. Subsequently, the original paper documents may be disposed of in accordance with the guidelines outlined in the Records Disposition Authority (RDA).
Certified electronic copies of original documents, when endorsed by an authorized Lincoln Police Department record custodian, hold admissibility in administrative proceedings, in alignment with the Act, and are recognized as the original document. It is essential to acknowledge that the electronic documents maintain the confidential or public document attributes of the original document.
1108.4 E-SIGN PROCESS
The electronic signature process shall meet security, legal, records management, and other department business requirements.
The process shall verify that all document approvers are able/allowed to sign the document electronically prior to initiating an e-sign transaction.
1108.5 E-SIGN TECHNOLOGY REQUIREMENTS
In accordance with Section 8-1A-18(b), the Lincoln Police Department's use of electronic records and electronic signatures will comply with the following requirements:
(a) Provide the signer with an identical copy of the original signed and executed document.
(b) Ensure non-repudiation; the signer cannot deny that he or she electronically signed the document.
(c) Capture information about the process used to capture signatures (i.e., create an audit trail), including but not limited to:
IP address
Date and time stamp of all events
All web pages, documents, disclosures, and other information presented
What each party acknowledged, agreed to, and signed
(d) Encrypt, end-to-end, all communication within the signature process. Encryption technologies shall comply with state encryption standards, including the requirements that cryptographic modules be validated to the current Federal Information Processing Standards (FIPS). [Adobe Sign, for example, uses RSA BSAFE Crypto-C]
1108.6 E-SIGN SYSTEM
(a) The e-sign system should provide a two-step signing process prior to submitting the document to ensure knowledge and intention verification:
1. The signer should acknowledge having read the on-screen document by selecting a checkbox or answering a challenge question prior to enabling the ability to provide an electronic signature.
2. The signer should then be allowed to electronically sign the document via the technology solution before submitting it.
(b) The e-sign system should be capable of two-factor authentication. Validating signer identity via email fulfills the requirements for a legal electronic signature; however, there may be circumstances when a second authentication factor is desired. Examples of a second factor include a password or verification code (something the signer has or receives from the sender) or a knowledge-based check (something the signer knows).
(c) The e-sign system should allow signers to sign with an ink signature and then scan and attach the document within the electronic signature process.
(d) The e-sign system should allow a flexible document retention policy capable of complying with Alabama State Records Commission requirements.
(e) To simplify long-term document retention requirements, the e-sign system should provide the ability to index, store, and retrieve the e-signed document in the system of record of the Department's choice, not in the service provider's cloud storage.
(f) Assess the e-sign provider's security practices, track record, frequency of security audits, and compliance with IT security and data protection standards, including but not limited to ISO 27001, SOC 1/2/3, HIPAA, FIPS 140-2, FISMA, etc.
(g) The e-sign system should support and provide a secure electronic signature API to enable integration into web applications or business processes.
(h) The e-sign system should allow for use and signature on mobile platforms (e.g., Apple iOS and Android devices).
(i) If in-country data residency is a requirement, verify the locations of data centers used by the e-sign provider. Data location requirements should be specified in contracts with e-sign providers or in Service Level Agreements.
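The audit-trail fields required by 1108.5(c) and the two-step acknowledge-then-sign gate in 1108.6(a) can be checked mechanically. The following is an added example written for this page, not code from the Lincoln Police Department or from any e-sign vendor. It models each signing-session event (IP address, server timestamp, what was presented, what was acknowledged or signed) as a record that hashes the record before it, so that editing any earlier event after the fact is detected, which is the "cannot be changed without detection" property stated in 1108.1. The session data, IP address (a documentation-range address) and document text are constructed for the example; the hash chain gives tamper evidence for the trail itself and is not a substitute for the digital signature a provider applies to the executed document.

```python
"""Tamper-evident e-sign audit trail (added example; not the Department's system)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Optional

GENESIS = "0" * 64  # prev_hash used by the first event of a trail


@dataclass
class AuditEvent:
    """One event of a signing session; the fields follow policy 1108.5(c)."""
    ip_address: str
    timestamp: str          # ISO-8601 UTC, taken from the server clock, not the client
    event: str              # "presented", "acknowledged" or "signed"
    document_sha256: str    # SHA-256 of the exact page/document/disclosure shown
    detail: str = ""        # what the party acknowledged, agreed to or signed
    prev_hash: str = GENESIS
    entry_hash: str = ""


def _canonical(ev: AuditEvent) -> bytes:
    """Stable byte encoding of every field except the entry's own hash."""
    body = asdict(ev)
    body.pop("entry_hash")
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class AuditTrail:
    """Append-only list of events, each one committing to the hash of the previous."""

    def __init__(self) -> None:
        self.events: List[AuditEvent] = []

    def record(self, ip: str, ts: str, event: str, document: bytes, detail: str = "") -> AuditEvent:
        prev = self.events[-1].entry_hash if self.events else GENESIS
        ev = AuditEvent(ip, ts, event, sha256_hex(document), detail, prev_hash=prev)
        ev.entry_hash = sha256_hex(_canonical(ev))
        self.events.append(ev)
        return ev

    def verify(self) -> Optional[int]:
        """None if the chain is intact, else the index of the first event that fails."""
        prev = GENESIS
        for i, ev in enumerate(self.events):
            if ev.prev_hash != prev or ev.entry_hash != sha256_hex(_canonical(ev)):
                return i
            prev = ev.entry_hash
        return None

    def may_sign(self, document: bytes) -> bool:
        """1108.6(a) gate: signing is enabled only after this exact document was acknowledged."""
        doc_hash = sha256_hex(document)
        return any(ev.event == "acknowledged" and ev.document_sha256 == doc_hash
                   for ev in self.events)


def build_sample_session() -> AuditTrail:
    """Constructed sample session (not real data): present, acknowledge, sign."""
    doc = b"Constructed sample document text"
    trail = AuditTrail()
    trail.record("203.0.113.7", "2024-01-15T14:02:10Z", "presented", doc,
                 "Page 1 of 1 displayed")
    trail.record("203.0.113.7", "2024-01-15T14:02:41Z", "acknowledged", doc,
                 "Checkbox: I have read this document")
    trail.record("203.0.113.7", "2024-01-15T14:03:05Z", "signed", doc,
                 "Electronic signature applied")
    return trail


def tamper_and_check(trail: AuditTrail) -> Optional[int]:
    """Alter the acknowledgment after the fact; verify() must now point at it."""
    trail.events[1].detail = "Checkbox: (edited later)"
    return trail.verify()


if __name__ == "__main__":
    session = build_sample_session()
    print("intact:", session.verify())            # None
    print("first bad event:", tamper_and_check(session))  # 1
```

The chain only detects modification of stored events; protecting against deletion of the tail or replacement of the whole log requires anchoring the latest entry_hash somewhere the log writer cannot alter (a signed daily summary or a write-once store), which is part of what 1108.6(e) and (f) are asking the provider to demonstrate.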