SAM—CONTRACTS

CHAPTER 1200 INDEX

INTRODUCTION 1200

STATE CONTRACTING MANUAL 1205

AUTHORIZATION OF AGREEMENTSState Agencies-Authorized SignaturesLocal Governmental Entities-Authority

1208

EXEMPTION FROM APPROVAL BY THE DEPARTMENT OF GENERAL SERVICES (DGS) 1215

CONTRACTS NOT EXEMPT FROM DEPARTMENT OF GENERAL SERVICES (DGS) APPROVAL 1216

CONTRACTS EXEMPT FROM CALIFORNIA STATE CONTRACTS REGISTER ADVERTISING AND COMPETITIVE BIDDING 1233

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY 1240

SAM—CONTRACTS

INTRODUCTION 1200(Reviewed 6/14)

This chapter provides policy direction for state agencies for services, consultant services, interagency agreements, and architectural and engineering and minor public works contracts. Other types of contracts are covered in SAM Sections 5200 et seq.; 1450 et seq.; and 1300 et seq.

Rev. 426 JUNE 2014

SAM—CONTRACTS

STATE CONTRACTING MANUAL 1205(Reviewed 6/14)

Department of General Services, Office of Legal Services (DGS/OLS), has coordinated the effort to compile State Contracting Manual Volume 1 (SCM 1) which contains policies, procedures, and guidelines in securing necessary services for the state. The SCM1 and other OLS publications are available on the Internet at http://www.dgs.ca.gov/ols/Resources/StateContractManual.aspx.

SAM—CONTRACTS

Rev. 426 JUNE 2014

AUTHORIZATION OF AGREEMENTS 1208(Reviewed 6/14)

1. State Departments–Authorized Signatures

a. Authority to sign purchase documents is limited to those executive officers who either have statutory authority or have been duly authorized in writing by one who has statutory authority.

b. Anyone who signs a purchase document should have knowledge in the procurement laws, policies, and procedures pertaining to the goods or services being procured. If an individual with signature authority does not possess sufficient procurement knowledge and expertise, the individual should, prior to signing, have the purchase document reviewed by someone who possesses such knowledge and expertise.

c. Delegation of signature authority is a selective process and should be commensurate with experience with principles of sound contracting and procurement policies, demonstrated familiarity with the process of purchase document formation, execution, and administration, and completion of applicable training and/or certifications.

d. Each executive officer who has statutory authority to sign purchase documents shall ensure that his/her agency maintains a current written record of agency employees authorized to enter into and sign purchase documents on behalf of that agency. This written record shall be subject to DGS audit.

e. State Board’s and Commission’s purchase documents in excess of $5,000 must be accompanied by a copy of the resolution approving the execution of the purchase document, unless by statute the executive officer may sign the purchase document.

2. Local Governmental Entities–Authority

a. Purchase documents to be signed by a county, city, district or other local public body must be authorized by a resolution, order, motion or ordinance for the purchase document. A copy of the authorization should be sent to DGS/OLS with the purchase document.

b. Where performance by the local governmental entity will be complete prior to any payment by the state a resolution is not needed. Such instances are usuallyone-time events such as a room rental.

Rev. 421 MARCH 2013

SAM—CONTRACTS

EXEMPTION FROM APPROVAL BYTHE DEPARTMENT OF GENERAL SERVICES 1215(Revised 3/13)

1. All contracts must conform to the requirements for contracts as stated in statutes, regulations, and policy.

2. The law requires all contracts to be approved by DGS unless exempted or there is a delegation to an agency.

3. All contracts and interagency agreements (I/A) are subject to approval by DGS except:

a. Contracts of $50,000 or less, unless subject to the provisions of SAM Section 1216. See Government Code (GC) Section (§) 14616.

b. Contracts with specific statutory exemption from DGS approval. See Public Contract Code (PCC) § 10295.

c. Amendment to a contract or I/A that only extends the time for completion of performance for a period of one year or less. A contract may only be amended once under this exemption. See PCC § 10335.

d. Any contract for which the agency has a specific exemption letter from DGS under GC § 14616, or PCC §10351.

f. It is an I/A over $50,000 and less than $1,000,000 that uses the current GIAs (including SAM 8752 and 8752.1 cost provisions) without modification and that has no direct or indirect subcontracting (GC §11256), subject also to the following:

1. This I/A exemption does not apply when contracting with CSU, UC, or any other state agency that is a exempt from Division 2, Part 2 Chapter 2 of the Public Contract Code (PCC § 10290 et seq.);

2. Agencies shall not use I/As to circumvent any state law or contracting requirements;

3. Agencies shall not use I/As to obtain any third-party IT goods or services nor any third-party non-IT goods or services;

4. DGS reserves the right to audit exempt contracts at the contracting agency’s expense;

5. If DGS determines an agency is failing to abide by the conditions of this exemption, DGS reserves the right to revoke the exemption such that that agency would then be required to submit to DGS for approval all I/As of $5,000 or more (or such other amount as DGS establishes when revoking or reducing this exemption);

6. DGS is establishing this I/A exemption on a pilot basis, and DGS will evaluate outcomes to determine whether to modify, continue, or discontinue the exemption.

(Continued)

SAM—CONTRACTS

Rev. 421 MARCH 2013

(Continued)EXEMPTION FROM APPROVAL BYTHE DEPARTMENT OF GENERAL SERVICES 1215 (Cont .1)(Revised 3/13)

Although these contracts do not require DGS/OLS approval, review/approval services are available on request for any contract, regardless of value.

4. Considerations Related to Exempt Contracts

a. No contract which exceeds $75,000 will be exempt from DGS review, without specific statutory authority.

b. A copy of each exempt contract or I/A is to be retained in the agency’s file for three years from the date of the final payment.

c. Where the performance is other than monetary, such consideration must be valued on a monetary basis for the purpose of determining whether approval of DGS is required.

d. Any state agency that enters into or expects to enter into more than one consulting services contract with the same individual, business firm, or corporation within a 12-month period for an aggregate amount of fifty thousand dollars ($50,000) or more, shall notify DGS in writing and shall have each contract that exceeds an aggregate amount of fifty thousand dollars ($50,000) approved by DGS.

e. Splitting of contracts to avoid any monetary limitations is prohibited. If it is found that more than one contract has been awarded to a single contractor in any one year for work normally considered one undertaking, and the total of the contracts exceeds $4,999, the agency may be denied the exemptions from DGS approval as granted in this and other sections of SAM.

f. Revenue and reimbursable contracts are to be submitted to DGS under the same dollar categories as other contracts.

g. Master agreements are to be submitted to DGS regardless of the dollar amount. Contracts or subscription agreements pursuant to a master agreement are to be submitted to DGS under the same dollar categories as other contracts.

SAM—CONTRACTS

Rev. 421 MARCH 2013

CONTRACTS NOT EXEMPT FROMDEPARTMENT OF GENERAL SERVICES APPROVAL 1216(Revised 03/13)

Any contract containing any of the following provisions shall be subject to approval by DGS even though it may also be one of the types otherwise exempted from approval:

1. Contracts of hazardous nature regardless of dollar amount require review by DGS OLS.

Any provision whereby the state agrees to indemnify or save harmless any party to the contract or any third person against or on account of any claim, liability, or matter arising out of, or connected with the contract; or any provision which limits the contractor’s liabilities.

3. Any provision whereby the state agrees to assume responsibility for matters beyond its control (e.g., in rental contracts, a promise to assume full responsibility for damage to rented equipment, regardless of the cause of damage).

4. Any provision calling for payment of rental or other services in advance.

5. Any provision creating a contingent liability against the state (e.g., vendors’ printed rental contracts frequently contain clauses obligating the user of rented equipment to serious contingent liabilities).

6. Contracts that seek to modify the state’s standard terms and conditions (GTCs, CCCs, GIAs).

SAM—CONTRACTS

Rev. 421 MARCH 2013

CONTRACTS EXEMPT FROM CALIFORNIA STATE CONTRACTSREGISTER ADVERTISING AND COMPETITIVE BIDDING 1233(Revised 03/13)

Competitive bidding is required unless there is a legally authorized basis for bid exemption. Key exemption categories are identified below.

A. Statutory Exemptions

1. Contracts of less than $5,000 (PCC §§ 10335(a), 10335.5(c)(5)).

2. Contracts of less than $5,000 where only per diem or travel expenses, or a combination thereof, are to be paid (PCC § 10335(a)).

3. Emergency contracts. The work or service is for the immediate preservation of the public health, welfare, safety, or protection of state property (PCC § 1102, 10340).

4. Interagency agreements. Contracts with other California state agencies, and California State University and University of California campuses (PCC §§ 10335(a), 10340(b)(3); GC § 11256; see also SCM 1, section 3.03.).

5. Contracts with other public entities, including contracts with another state, local, or federal agency, auxiliaries of CSU or the California community colleges; or an organization acting as a governmental agency under a joint powers agreement (PCC §§10335(a), 10340(b)(3); see also SCM 1, section 3.06.A ).

6. Contracts solely for the purpose of obtaining expert witnesses for litigation (PCC § 10335.5(c)(3).

7. Contracts for legal defense, legal advice, or legal services by an attorney or the attorney’s staff (PCC § 10335.5(c)(4)).

8. Community Based Rehabilitation Program (CRP). Contracts with business entities operating Community Based Rehabilitation Program (CRP), that are justified under one of the exceptions in GC § 19130(b), and that meet the criteria established by Welfare and Institutions Code §1 9404 (PCC §10340). Note: Contracts with CRPs that are justified under GC § 19130(a) are required to be competitively bid.

9. Small Business/Disabled Veteran Business Enterprise (SB/DVBE) Option (GC § 14838.5; PCC §§ 10335.5(c)(6), 10340(b)(6)).

a. This option allows for an award under the following conditions:

1) The contract is awarded to a certified SB, micro-business or DVBE;

2) The contract award is greater than $5,000 and less than $250,000; and

3) Quotes were received from at least two certified SBs or micro-businesses; or two certified DVBEs.

(Continued)

SAM—CONTRACTS

Rev. 421 MARCH 2013

(Continued)CONTRACTS EXEMPT FROM CALIFORNIA STATE CONTRACTSREGISTER ADVERTISING AND COMPETITIVE BIDDING 1233 (Cont. 1)(Revised 03/13)

b. An award based on receiving only one quote is not permitted under this method.

c. Mixing quotes (e.g. one SB and one DVBE) is not permitted under this method.

d. The code does not expressly require award to the low quote, however, if award will be made by other than low quote, the agency must document the business reasons and cost reasonableness basis for selecting the other quote.

e. No particular format or timing is required under this option. Agencies have discretion as to how to obtain the quotes. Agencies should provide vendors sufficient information about the services on which the vendors can formulate a quote, including copy of the proposed contract (e.g. scope, payment provisions, and terms).

f. The SB preference is not applicable under this method.

g. There is no protest right for this method. (GC §14838.5) Therefore agencies should not cite protest provisions when soliciting quotes.

h. Use of this method is capped at $250,000 for the entire contract term, including any option years and/or amendments. If an agency believes the contract may exceed $250,000, they should use a different solicitation method, such as an IFB or RFP. If quotes come in over $250,000, the agency would need to resolicit, either scaling down the project to lower the quotes or using a different solicitation method.

i. For public works, the dollar range for which this two-quote method can be used is $5,000 to $270,000 (or other project cost limit amount as may periodically be issued by the Director of Finance pursuant to PCC § 10105) (GC § 14838.7.)

10. Contracts for the development, maintenance, administration, or use of licensing or proficiency testing examinations (PCC § 10340(b)(7)).

11. Other Specific Statutory Exemption. The STD 215 should identify the statutory citation supporting the exemption.

(Continued)

SAM—CONTRACTS

(Continued)CONTRACTS EXEMPT FROM CALIFORNIA STATE CONTRACTS REGISTER ADVERTISING AND COMPETITIVE BIDDING(Revised 03 /13)

1233 (Cont. 2)

Rev. 421 MARCH 2013

B. DGS Approved Exemptions (PCC §10348)

1. Non-Competitive Bid (NCB) or Special Category Request (SCR)

a. An NCB transaction (formerly “sole source”) is a contract for goods or services or both when only a single business enterprise is afforded the opportunity to provide the specified goods or services.

b. Executive Order on NCBThe Governor’s Executive Order, D-02-55, issued effective May 20, 2002, rescinded the previous sole source Executive Order W-103-94 and all management memos related to that Executive Order.

c. The NCB form with instructions and signature requirements can be found on the DGS/PD website. See also SCM volume 2 (SCM 2 ).

d. An SCR is similar to an NCB but involves a group of related contracts rather than a single contract. The SCR form and further information can also be found on the DGS/Procurement Division website and in SCM 2 .

2. DGS Categorical Exemptions (PCC § 10348; historical references: SAM Section 1233, Management Memo (MM) 03-10).

a. Services contracts using a DGS Leverage Purchase Agreement;

b. Subvention and local assistance contracts as defined in SCM 1, section 3.17. This exception applies only when services are provided to the public and not specifically to a state agency;

c. Maintenance agreements under $250,000 per year for equipment that is under documented warranty, or where there is only one authorized or qualified representative or where there is only one distributor in the area for parts and services under $250,000.00 per year;

d. Contracts where the state is unable to compete and select a different contractor because a contractor has already been selected by a federal, state, city, county, or other regulatory entity to perform a service in a specific geographical area (e.g., refuse and/or sewage disposal contracts where there is an exclusive franchise agreement that has no exception for the state);

e. Public entertainment contracts for state-sponsored fairs and expositions;

f. Contracts that can only be performed by a public entity as defined in Unemployment Insurance Code Section 605(b);

g. Contracts for conference or meeting facilities, including room accommodations for conference attendees, not to exceed $250,000;

(Continued)

SAM—CONTRACTS

Rev. 421 MARCH 2013

(Continued)CONTRACTS EXEMPT FROM CALIFORNIA STATE CONTRACTSREGISTER ADVERTISING AND COMPETITIVE BIDDING 1233 (Cont. 3)(Revised 03 /13)

h. Contracts for ambulance services (including but not limited to 911) when there is no competition because the contractor is designated by a local jurisdiction for the specific geographic region; (historical reference: MM 05-04.)

i. Contracts for emergency room hospitals, and medical groups, physicians, and ancillary staff providing services at emergency room hospitals, when a patient is transported to a designated emergency room hospital for the immediate preservation of life and limb and there is no competition because the emergency room hospital is designated by a local emergency medical services agency and medical staffing is designated by the hospital. This exemption covers only those services provided in response to the emergency room transport; (historical reference: MM 05-04.)

j. Contracts with health maintenance organizations (HMOs) through a cooperative agreement with the Centers for Medicare and Medicaid Services (CMS) to pay monthly premium payments for medical/Medicare eligible members, where services are essential or necessary for health and safety;

k. Proprietary subscriptions, proprietary publications and/or technical manuals regardless of media format, up to $250,000. This includes access to pre-existing proprietary research data through a non-IT services contract, however “subscription” is not intended to include the performance of any personal services (such as, but not limited to, consulting, advice, research);

l. Rental of proprietary postage meters if they are interfaced and intermembered with existing mailing equipment and there is only one authorized manufacturer’s branch or qualified dealer representative providing services for a manufacturer in a specified geographical area. This exemption applies only in circumstances where annual postage meter rental services are less than $100,000;

m.Departmental memberships in professional organizations provided it is solely a membership and does not include the performance of any personal services. Note: Memberships for represented employees are governed by applicable collective bargaining agreements and memberships for non-represented employees are governed by CalHR rules; (See SCM 1, section 3.23 .)

n. Contracts for non-IT services training for state personnel if the cost of the training contract does not exceed $50,000 and the cost of multiple training contracts with a single contractor does not exceed $50,000 cumulatively in any 12-month period. (Historical reference: MM 11-05.) The exemption is for pre-existing training courses; it does not cover development of training or other personal or consulting services. Agencies shall not split contracts to avoid competitive bidding or other contract requirements. Agencies with recurring training needs should assess the cumulative amounts departmentally and generally should go out to bid if there are ongoing and/or department-wide needs.

(Continued)

SAM—CONTRACTS

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND 1240ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

Purpose

This policy identifies the permissible types of E-Signatures and requirements for the use of electronic signatures (hereafter “e-signatures” or e-sign), automatic or electronic transactions, and electronic records (hereafter “e-records”) in conducting state business operations.

Policy

The Department of General Services permits the use of the following Electronic Signatures, Transactions and Record Management activities in conducting state business:

E-Signatures: State agencies may accept permissible types of e-signatures from all parties as legally binding and equivalent to handwritten signatures to signify an agreement. Each type of e-signature will include the date the document was signed. Where state or federal laws, regulations, or rules require a handwritten signature, that requirement is met if the document contains an e-signature unless otherwise prohibited by policies, laws or regulations.1 Electronic documents must clearly and unambiguously show the chain of approval of all parties required to sign that document.

Electronic Transactions: Most purchase orders, contracts, and other contracting documents can now be executed electronically. State agencies may also accept bids, proposals, quotes, and offers with electronic signatures at their discretion.

In some cases, state agencies are required to use electronic signatures when transacting in the Fiscal Information System for California (FI$Cal). Conversely, some documents will still need to be submitted to DGS in paper format for the time being, due to technical limitations. These requirements will change over time as technology adoption improves.

DGS will maintain current guidance on transactions that must be conducted electronically, and on documents that must be submitted to DGS in paper format, in the State Contracting Manual.

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSATIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

(Continued)

Recordkeeping Requirements: An e-record may serve as the official copy of a procurement-related document. All relevant records, including e-records, shall be maintained in a reliable recordkeeping system. Business conducted by electronic means shall be fully documented to meet recordkeeping requirements, including procurement file documentation and information security requirements. Records shall be retained or disposed of in accordance with the approved records retention schedules stated in California State Records and Information Management (CalRIM) as supported by the State Contracting Manual (SCM) and the State Administrative Manual (SAM) 1600 et seq.

Scope

This policy applies to all transactions governed by the State Contracting Manual (all volumes) and/or conducted by the Department of General Services (DGS) Procurement Division. This policy enables state agency staff to conduct many transactions electronically, to accept e-signatures by other parties, and to sign agreements on the agency’s behalf by using an e-signature. This policy does not waive or modify any requirement or limitation as to which officers and employees are authorized to bind their agency to a contract.

Use of E-Signatures is Generally Optional

Except in cases where DGS has specifically required a type of transaction or document to be executed electronically, accepting e-signatures or maintaining e-records is not mandatory under this policy. Each state agency may exercise at its discretion to conduct a transaction on paper or in non-electronic form. Furthermore, it does not affect a state agency’s right or obligation to have documents be provided or made available on paper when required by applicable policies, laws or regulations.

Background

Federal legislation known as the Electronic Signatures in Global and National Commerce Act made both electronic contracts and electronic signatures (e-signatures) as legal and enforceable (with some exceptions) as traditional paper contracts signed in person.Following the federal government’s lead, California adopted the Uniform Electronic Transactions Act (California Civil Code (CIV) § 1633.1-1633.17) which establishes the legal validity of e-signatures and contracts in a manner similar to the federal law.California law was revised to make clear that the state is authorized to use any type of e- signature. See AB 2296 (Chapter 144, Statutes of 2016), effective 1/1/17.

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

(Continued)

E-Signature Approvals

When an electronic document is emailed to DGS, the chain of approval of all those required to sign that document must be clear and unambiguous. All parties required to sign must have unequivocally approved the same document. For example, to demonstrate all approvers sign the same NCB Justification, a. PDF copy of that NCB must be emailed to DGS with a legally binding signature from each approver attached, and all approvers must be copied on the email.

There may be instances where the submission of an electronic document is unclear and more substantiation will be required by DGS.

A valid electronic document must include an email trail that includes all approvers. Each approval must be clear and unequivocal.

The following statement is an example of a clear and unequivocal approval:

“I approve the attached document [specify document name, number or other specific document ID].”

The following statement is not an example of a clear and unequivocal approval:

“I approve if specified revisions are made to #3 and #9.”

History of Approvals and Corrections Required: A chain of approval demonstrates a history of approvals for the electronic document. If corrections are necessary, an email with the requisite “I approve the attached revised document [specify document name, number of other specific document ID]” is needed.

It must be clear that each approver has approved the same document and that document is attached. The chain of approval must be attached to the submission email and the approvers must also be copied on the email (with subject document attached) sent to DGS. By law or policy, some approvers are enabled to authorize others (designees) to sign on their behalf. An approval of a document by an authorized designee is acceptable; however, both the requisite approver and his/her designee must be copied on the email sent to DGS.

Electronic approvals made through FI$Cal meet the approval chain requirements.

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

Types of E-Signatures Permitted for Use by State Agencies

Only the following types of e-signatures (further defined below) can be used by state agencies.

• A typed name• FI$Cal approvals• A recorded voice• Personal Identification Number (PIN)• Password (composed of numbers, symbols and/or alpha characters• Digitized image of handwritten signature (e.g. PDF copy of Word document• Identification number created using a number generator• Digital Signature

Electronic Record Management

Each state agency will maintain a written policy that designates responsibilities and describes methodologies that accurately document the overall management of the recordkeeping system. The recordkeeping policy should be integrated into the state agency’s business processes so that all records are immediately captured and are secure so as to always be easily recovered by authorized staff. Only authorized personnel shall be permitted and enabled to create, capture, or purge e-records. E- records should be accessible and retrievable in a timely manner throughout their retention period.

Recommendations for Implementation

Each state agency should work with its management, legal counsel, Information Security Officer (ISO), and Privacy officer to implement e-signature policies including:

• Identify which transactions (if any) it does not want to execute with - signatures;• Consider whether to adopt a uniform department-wide e-signature

methodology, set parameters for using different methodologies, or establish different rules for various divisions;

• Determine what level(s) of authority can execute e-signatures;• Decide what dollar levels will require e-signatures by which level(s) of authority;• Implement requisite security and privacy protection procedures;

(Continued)

(Continued)

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND 1240 (Cont.)ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

Recommendations for Implementation (Cont.)

• Obtain an approval from ISO and AISO (Agency ISO) if applicable, on the security controls for signed documents.

• Create and periodically update a list of positions and/or personnel authorized to execute e-signatures;

• Designate backups in case of unavailability of authorized signatories;• Maintain a database of e-signed transactions, which can be reviewed for

transaction type, dollar amount, contract length, names of signatories, and level of authority of signatories;

• Document problems encountered with e-signatures (e.g., contractual disputes, unauthorized expenditures, missing transactions, unwilling vendors, overeager signatories, internal resistance, training problems, security issues, oversight concerns, etc.);

• Review database and documented problems after a trial run (e.g., six months of e-signatures) and adjust departmental e-signature practices as appropriate;

• Revise departmental records management policy as needed to ensure retention of e-signed transaction records for the required length of time.

Definition of Key Terms

E-signature involves a number of key terms which are defined in CIV Section 1633.2, including:

• Automated transaction means a transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction.

• Electronic means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.

• Electronic agent means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review by an individual.

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

(Continued)

Definitions of Key Terms (Cont.)

• Electronic record means a record created, generated, sent, communicated, received, or stored by electronic means.

• Electronic signature means an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record. For purposes of this title, a “digital signature” as defined in subdivision (d) of Section 16.5 of the Government Code is a type of electronic signature.

• Information means data, text, images, sounds, codes, computer programs, software, databases, or the like.

• Record means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.

• Security procedure means a procedure employed for the purpose of verifying that an electronic signature, record, or performance is that of a specific person or for detecting changes or errors in the information in an electronic record. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption, or callback or other acknowledgment procedures.

• Transaction means an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs.

Additional Terms

In addition to the definitions provided by law, understanding what an e-signature requires understanding several other key terms:

• Wet or original signature is created when a person physically writes a name in a stylized, cursive format (or even a simple “X”) on a piece of paper.

• User Authentication is the process of securely verifying the identity of an individual prior to allowing access to an electronic service.

• User Authorization involves verifying that an authenticated user has permission to access specific electronic services and/or perform certain operations.

(Continued)

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

Permissible Types of E-Signatures Explained

The permissible types of e-signatures are explained below.

• Name Typed into a Document: When signing a document electronically online, a showing of intent to enter into an agreement is required to create a binding electronic record. A document needs to be tied to the signature itself with a statement (e.g., “I agree” or “I accept”) before typing in one’s name. Note: Simply providing a signature or signature block at the end of an email or electronic record without an indication of agreement will not be considered a legal signature under this policy. Note Also: Standard agreement and purchase order forms (i.e., STD. 210, STD. 213, STD. 213A, STD. 215 and STD. 65) already contain sufficient indications of agreement and may be signed as written.

• FI$Cal Approvals: Electronic forms (such as “Requisition”) available in FI$Cal and some uploaded documents/forms can be approved electronically. These are approved electronic business transactions.

• Recorded Voice: While a voice recording could be considered an electronic signature, simple voice recordings may not establish intent of agreement. Many voice systems include an additional step such as keypad verification to confirm agreement. To use a recorded voice as an e-signature, it must:

o Be associated with the speaker;o Be associated with a specific document or record;o Show evidence of the speaker’s intent to be bound to the terms and

conditions in that specific document or record;o Be captured in electronic format.

• Personal Identification Number (PIN) or password: When using a PIN or password for an e-signature, a person accessing an application is requested to enter identifying information, which may include an identification number, the person’s name and a "shared secret" (called "shared" because it is known to both the user and the system), such as a PIN and/or password. The system checks that the PIN and/or password is indeed associated with the person accessing the system and "authenticates" the person. Sometimes the entry of some personal information (e.g., name, date of birth or gender) along with the PIN and password is also required.

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

Permissible Types of E-Signatures Explained (Cont.)

(Continued)

For low risk or low value transactions, the person may define a PIN and/or password after supplying minimal identifying information that may or may not be verified. The strength of the password can provide additional security. Medium and high risk transactions often require a password consisting of a combination of letters, numbers, and special symbols at least eight (8) characters in length. The user might be forced to authenticate using a security token, a digital certificate, and/or a secondary password.

• Digitized Image of Hand Written Signature: A digitized signature is a graphical image of a handwritten signature. Some applications require a person to create a handwritten signature using a special computer input device, such as a digital pen and pad. Digitized signatures are most often used in face-to-face consumer transactions using credit cards. Some applications can compare the digitized representation of the entered signature with a stored copy of the graphical image of the signature. A digitized signature may be another form of shared secret known both to the person and to the system. Forging a digitized signature can be more difficult than forging a paper signature because the technology that compares the submitted signature image with the known signature image is more accurate than the human eye.

• Biometrics: Individuals have unique physical characteristics that can be converted into digital form and then interpreted by a computer. Among these are voice patterns, fingerprints, face recognition, DNA, palm print, gait analysis, hand geometry, retinal scanning, and/or iris recognition. In this approach, the physical characteristic is measured (by optical reader, microphone, or some other device) and converted into a digital form or profile. These measurements are compared to a profile of the given biometric stored in the computer and authenticated beforehand as belonging to a particular person. If the measurements and the previously stored profile match, the software will accept the authentication and the transaction is allowed to proceed.

• Digital Signatures: There are two main types of digital signatures, one using Symmetric Cryptography and the other using Asymmetric Cryptography. The California Secretary of State has required that digital signatures can only be certified by entities that are on its approved list of Digital Signature Certification Authorities. See California Code of Regulations, Title 2, § 22003(a)(6)(B).

(Continued)

ELECTRONIC SIGNATURES, ELECTRONIC TRANSACTIONS AND ELECTRONIC RECORD MANAGEMENT POLICY(New 8/2018)

1240 (Cont.)

Permissible Types of E-Signatures Explained (Cont.)

• Shared Private Key (Symmetric) Cryptography: In this e-signature method, a person electronically signs using a single cryptographic key that is not publicly known, for authentication purposes. The same key is used to sign a document and verify the signer’s identity, and is shared between the signer and the entity hosting the transaction requiring the signature.

• Public/Private Key or (Asymmetric Cryptography): To produce a digital signature, two mathematically linked keys are generated— a private signing key that is kept private, and a public validation key that is publicly available. The two keys are mathematically linked, but the private key cannot be deduced from the public key. The public key is often made part of a "digital certificate," which is a digitally signed electronic document binding the individual’s identity to a private key in an unalterable fashion. Digital signatures are often used within the context of a Public Key Infrastructure (PKI) in which a trusted third party known as a Certification Authority binds individuals to private keys and issues and manages certificates.