HomeMy WebLinkAboutResolution No. R2025-08 RESOLUTION NO. R2025-08
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF FRIENDSWOOD, TEXAS,
APPROVING THE ELECTRONIC SIGNATURE POLICY IN ACCORDANCE WITH THE
UNIFORM ELECTRONIC TRANSACTIONS ACT; AND PROVIDING FOR AN EFFECTIVE
DATE.
***********xxxxxxxx*****xxxxxx*******************w* ***************************xxxxxxx*****
WHEREAS,the Texas Uniform Electronic Transactions Act(the"Act")authorizes and gives legal effect to
electronic records,electronic signatures,and electronic contracts;and
WHEREAS,pursuant to Section 2054.060 of the Texas Government Code, a digital signature may be used
to authenticate a written electronic communication sent to the City of Friendswood if it complies with the rules
adopted by the City Council;and
WHEREAS, the City Council of the City of Friendswood recognizes electronic signatures are becoming a
routine way of conducting business and that formal rules governing the use of electronic signatures by the City are
necessary;and
WHEREAS, the City Council of the City of Friendswood finds that adopting formal rules will enable the
City to incorporate electronic signature technology into its electronic workflow processes;and
WHEREAS,the City Council of the City of Friendswood finds its rules are consistent with those of the Texas
Department of Information Resources;and
WHEREAS, the City Council desires to adopt an electronic signature policy incorporating the
aforementioned rules;NOW THEREFORE,
BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF FRIENDS WOOD,STATE OF TEXAS:
Section 1. That the facts and matters set forth in the recitals of this resolution are hereby found to be
true and correct.
Section 2. That the City Council of the City of Friendswood, Texas, hereby adopts the Electronic
Signature Policy for the City of Friendswood, which policy is attached hereto as Exhibit "A" and incorporated
herein for all intents and purposes.
Section 3. That the City Manager is authorized to adopt administrative directives necessary to
implement the policy adopted in Section 2 hereof.
Section 4. That this resolution shall be effective immediately upon its passage and approval.
INTRODUCED, READ and PASSED by the affirmative vote of the City Council of the City of
Friendswood on this the 3rd day of March,2025.
I F MA Mayor
ATT .
ps
O FFtIEN15
LETICIA BRYSCH,City Sec
APPROVED AS TO FORM: co
TE OF —
KAR N .HORNER,City Attorney
H:\City CounalUtesolutions\2025\03-03-2025\Resolution-Electronic Signature Policy Policy docx
Exhibit "A"
CITY OF FRIENDSWOOD
ELECTRONIC SIGNATURE POLICY
1. Policy Statement
The City of Friendswood (the "City") adopts electronic signatures as a means of signing
documents and records to promote paperless processing, to reduce the reliance on and cost of
paper transactions,and to allow quicker access to documents.
2. Policy Purpose and Scope
The purpose of this policy is to increase efficiency by adopting electronic signatures as an
alternative to manual signatures on paper documents and to provide a process by which the City
may incorporate electronic signature technology into its electronic workflow processes. The City
recognizes electronic signatures are becoming a routine way of conducting business and that
formal rules governing the use of electronic signatures by the City are necessary. This policy
applies to all City departments and divisions that desire to use electronic signatures to conduct
transactions both internal and external to the City.
3. Definitions
When used in this policy,the terms defined in this section shall have the meanings ascribed to them,
except where the context clearly indicates a different meaning. Additionally, unless otherwise
defined in this policy,terms having specific meanings shall have the meaning defined in the Texas
Uniform Electronic Transaction Act(UETA).
Certification authority means a person or entity that issues a digital certificate, which
person or entity may be the same as the electronic signature system provider.
Digital certificate or certificate means an electronic document that: (i) uses a digital
signature to bind together a public key with an identity(person's name or an organization)
to a private key in an unalterable fashion; and (ii) contains the digital signature of the
certification authority so that anyone can verify that the certificate is authentic and the
certificate can be used to identify the party sending the message without encrypting the
text.
Digital signature means an electronic identifier intended by the person using it to have the
same force and effect as the use of a manual signature. Digital signatures are a subset of
electronic signatures and require the use of two mathematically related keys(i.e.,a public
and private key pair,often referred to as Public Key Infrastructure or PKI).
Document means any signed communication which,in the course of an official transaction,
becomes a government record. This includes records created or formatted electronically.
Electronic means relating to technology having electrical, digital, magnetic, wireless,
optical or electromagnetic,or similar capabilities.
Electronic record means a record of information that is created, generated, sent,
communicated,received or stored by electronic means and that is retrievable in perceivable
form.
Electronic signature means an electronic symbol or process attached to or logically
associated with a record and executed or adopted by a person with the intent to sign the
Electronic Signature Policy,Page 1
record. For purposes of this policy, the term electronic signature shall include digital
signature and shall also include the following types of signatures:
a. Cryptographic technologies, including the following:
(1) Shared symmetric key cryptography, in which the user signs a Document
and verifies the signature using a single,encrypted binary key; and
(2) Public/private key(asymmetric)cryptography,which refers to a particular
type of electronic signature that is created by cryptographic means
involving the use of two mathematically related keys (i.e., a public and
private key pair,often referred to as public key infrastructure or PKI),that
is unique to the person using it, that is solely controlled by said person,
that is capable of independent verification, and that is linked to the
document in such a way that it would be computationally infeasible to
change the data in the document or the digital signature without
invalidating the digital signature;and
b. Non-cryptographic technologies, including the following:
(1) Personal identification number ("PIN") or password, in which a user
accessing an electronic application is requested to enter a "shared secret"
(called "shared" because it is known both to the user and to the system),
such as a password or PIN.
(2) Smart card,which is a plastic card,the size of a credit card,containing an
embedded integrated circuit or a chip that can generate, store, and/or
process data.
(3) Digitized signature,which is a graphical image of a handwritten signature.
(4) Facsimile signature,when the reproduction of the manual signature is in a
graphic image format,the facsimile signature may be a digitized signature.
(5) Signature dynamics,which is a signature digest consisting of handwriting
measurements of the person signing the message, such as a supermarket's
credit card signature pad.
Electronic signature system provider or service provider means a person or entity that
performs services pertaining to the issuance or verification of Digital Certificates.
Facsimile signature means reproduction of the manual signature of an authorized officer
that is made by any method,including engraving,imprinting,lithographing,and stamping.
IT Department means the Information Technology Department of the City.
Manual signature or wet signature means a name or any distinct mark on a Document
created by a person physically using ink on a paper document.(A scanned copy of a manual
signature will be a subset of electronic signatures--specifically a digitized signature.)
Electronic Signature Policy,Page 2
Record means information that is inscribed on a tangible medium or that is stored in an
electronic or other medium and that is retrievable in perceivable form.
Security procedure means a procedure employed for the purpose of verifying that an
electronic signature, record, or performance is that of a specific person or for detecting
changes or errors in the information in an electronic record;it includes the use of algorithms
or other codes, identifying words or numbers, encryption, callback, or other
acknowledgment procedures.
SOC report means and refers to the Service Organization Control auditing reports that are
issued in compliance with the SSAE18 standard.
SSAE18 standard means the Statement on Standards for Attestation Engagements No. 18
auditing standard set by the American Institute of Certified Public Accountants.
Texas Uniform Electronic Transactions Act or Texas UETA means and refers to the Texas
Business and Commerce Code, Chapter 322,et seq., as amended from time to time.
Transaction means an action or set of actions occurring between two or more persons
relating to the conduct of business,commercial,or governmental affairs.
Verification means the process of ensuring that a given digital signature is valid and
positively identifies the originator of a message or record.
4. Authority and Effect of Electronic Signatures
4.01 In accordance with the Texas UETA,where policies, laws,regulations,and rules require
a written document or signature,that requirement is met if the document or signature is,
respectively, an electronic record or contains an electronic signature, subject to certain
exceptions stated in this policy or as otherwise required by law.
4.02 Electronic signatures shall not be used, and shall have no binding authority or effect on
City records,where electronic signatures are prohibited by law or by other City policies
or where a law prohibits a transaction from occurring electronically.
4.03 If a law requires an electronic signature to contain specific elements,then the electronic
signature must contain the elements specified by law.
4.04 This policy shall not preclude the use of any other types of signatures, including without
limitation, manual signatures or facsimile signatures.
4.05 This policy shall not limit,alter,modify,or otherwise affect any requirement imposed by
law relating to: (a) authority, obligations, or procedures required for manual signature;
(b) the proper procedures and authorization necessary to execute City records; (c)
requirements to legally bind or obligate the City under any contract or agreement;and/or
(d) the legal effectiveness, validity, or enforceability of any City record, including any
contract or agreement, signed electronically in violation of any such laws.
4.06 All laws regarding signing City records shall apply to electronic signatures and electronic
records,including all laws regarding signing,adopting,entering it,or executing contracts,
Electronic Signature Policy,Page 3
agreements, purchase orders, statements of work, ordinances, leases, licenses, and any
other document purporting to be legally binding upon or otherwise obligating the City.
4.07 In the event that any non-City electronic signature is found by the City Manager to have
been used or applied to a City record or certified in violation of this policy or any other
law, said electronic signature shall be treated the same as a manual signature found to be
applied to a City record in violation of Texas law.
4.08 In the event that any electronic signature is found by the City Manager to have been used
or applied to a City record or certified in violation of this policy or any other law, the
electronic signature shall be null and void and the City record signed electronically using
the unlawful, fraudulent, unauthorized or otherwise improper electronic signature shall
also be: (a)null and void;(b)discontinued;and(c)unenforceable against the City.
4.09 If a law requires that a record be retained, that requirement is satisfied by retaining an
electronic record of the information in a record that is trustworthy and accurately reflects
the information set forth in the original record and that shall remain accessible for later
reference. When the requirements for retention require an original form, retention by an
"electronic form" shall provide and satisfy the retention requirement.
5. Establishing an Electronic Signature System for Use by a City Department
5.01 In order for an electronic signature system to be used by a City department,the City's IT
Department must first certify said system.
5.02 The IT Department shall select an appropriate electronic signature system(s), and
recommend such to the City Manager (or to the City Council if required by the City's
Purchasing Policy)for final approval.
5.03 During the certification process, the IT Department will consider factors including, but
not limited to,the following:
a. Service provider's inclusion on the Texas Department of Information Resources'
"Approved List of PKI Service Providers," if PKI is the type of cryptography
technology that the service provider utilizes in its signature system;
b. Service provider's ability to maintain the electronic records and signatures in a
manner that efficiently and reliably preserves and protects the information over
time so that it may be used for recognized governmental and legal purposes;
c. System must be able to ensure that the signatory cannot reasonably deny signing
or sending a Document;
d. System must be able to fulfill the requirements of a record being "sent" and
"received" (as those terms are described in the Texas Business and Commerce
Code, Section 322.015,as amended);
e. System must be able to produce an electronic record that: (i) is trustworthy and
accurately reflects the information set forth in the record after it was first
generated in its final form as an electronic record or otherwise; and(ii)remains
accessible for later reference by all parties to the transaction;
Electronic Signature Policy,Page 4
f. Service provider's system's effect on financial and legal liability of the City;
g. System's ability to protect the City's and users' sensitive information in terms of
legal liability(civil or criminal),privacy,and confidentiality;
h. System's capability of long-term preservation(of both signature and record)in a
format that will be supported for a duration consistent with the City's retention
responsibilities;
i. System must be reasonably compatible with relevant software applications;and
j. System's effect on the City's transactional and systemic risk.
5.04 The City Secretary's Office shall process and keep on file the certification of any City-
approved electronic signature system provider.
5.05 Any electronic signature system that has been used by a City department to initiate the
signature process, and before the effective date of this policy,must be authorized and/or
certified by the procedure in Sections 5.01 through 5.04(directly above)before any City
department may use said system in the future for executing any document.
6. Use of Electronic Signatures
6.01 Once an electronic signature system provider has been approved by the City Manager(or
the City Council, as applicable), its electronic signature system may be used City-wide
when electronic signatures are authorized under this policy.
6.02 Nothing in this policy affects the use of electronic signatures for internal City transactions
or transactions that do not result in legally binding documents.
6.03 A digital signature can only be assigned to an individual person for use and must be
unique to the person using it; (a digital signature assigned to a role, position,and/or title
is not considered valid).
6.04 A City department may use electronic signatures to conduct City external business
transactions and approvals in accordance with the Texas UETA if each party to each
transaction agrees to conduct the transaction electronically. Such agreement may be
implied from the context and surrounding circumstances.
6.05 Electronic signatures shall not be used in the following circumstances:
a. Electronic signatures are not allowed by law or by the contract provisions.
b. At least one party to the transaction does not agree to use electronic signatures.
c. The document is any of the following:
(1) A performance bond, payment bond, or maintenance bond;
Electronic Signature Policy,Page 5
(2) A power of attorney attached to a performance bond, payment bond, or
maintenance bond;
(3) A financial bond; or
(4) A court reporter form,or a form governed by the Supreme Court rules.
d. A signature will require a notary,and an online notary is not available at the time
that an electronic signature is occurring;or
e. The document is a deed or easement that requires manual signature(s) in order
for the document to be filed in public records and/or for a title policy to be
obtained for the conveyance.
6.06 When a City department is using the electronic signature system process,such department
will follow these basic guidelines:
a. The department will have worked with the City Attorney's Office to review and
finalize the document;
b. The finalized document will be routed for signature by being provided
electronically to an electronic signature system established pursuant to Section 5
hereinabove;
c. Each signer must have his/her own digital signature that is unique to the signer;
and
d. After all signatures are obtained, the executed electronic document will be
provided to the City Secretary's Office for filing.
6.07 If the City receives a document for signature initiated for electronic signatures by an
outside party,then the electronic signature system(used by the outside party)must be on
the Texas Department of Information Resources' "Approved List of PKI Service
Providers" (as amended) and/or on the Federal Public Key Infrastructure list (currently
managed by the General Services Administration) in order for City personnel to provide
a digital signature(s)on the document.
6.08 If a change or error in an electronic record occurs in a transmission between parties and
the parties have not agreed to use a security procedure to detect changes or errors, then
the transmission may be resent by the initiating party, using a document to which all
parties agree.
6.09 If a change or error in an electronic record occurs in a transmission between parties to a
transaction,then the following applies:
a. If the parties have agreed to use a security procedure to detect changes or errors
and one party has conformed to the procedure, but the other party has not, and
the nonconforming party would have detected the change or error had that party
also conformed, then the conforming party may avoid the effect of the changed
or erroneous electronic record.
Electronic Signature Policy,Page 6
b. In an automated transaction involving an individual,the individual may avoid the
effect of an electronic record that resulted from an error made by the individual
in dealing with the electronic agent of another person if the electronic agent did
not provide an opportunity for the prevention or correction of the error and,at the
time the individual learns of the error,the individual:
(1) Promptly notifies the other person of the error and that the individual did
not intend to be bound by the electronic record received by the other
person;
(2) Takes reasonable steps,including steps that conform to the other person's
reasonable instructions, to return to the other person or, if instructed by
the other person,to destroy the consideration received, if any,as a result
of the erroneous electronic record;and
(3) Has not used or received any benefit or value from the consideration, if
any,received from the other person.
c. If neither Subsection (a) nor(b) of this section applies, the change or error has
the effect provided by other law, including the law of mistake, and the parties'
contract, if any.
d. Subsections(b)and(c)of this Section 6.09 may not be varied by agreement.
6.10 Electronic signatures, which have been provided and/or accepted by the City before the
effective date of this Policy, are approved or otherwise ratified.
7. Roles and Responsibilities in Maintaining Use of Electronic Signature System(s)
7.01 The IT Department shall:
a. Keep logistical information regarding what electronic signature software is
currently approved,and what City departments are using this software;
b. At least on an annual basis,check each electronic signature system to make sure
each continues to be listed on the Texas Department of Information Resources'
"Approved List of PKI Service Providers" and/or on the Federal Public Key
Infrastructure list(currently managed by the General Services Administration);
c. At least on an annual basis,check each certification authority to make sure each
continues to be listed on the Texas Department of Information Resources'
"Approved List of PKI Service Providers" and/or on the Federal Public Key
Infrastructure list(currently managed by the General Services Administration);
d. Have control over day-to-day administration of certificates including creation and
revocation procedure; and
e. Revoke an electronic signature system's authorization(for City-wide use) if said
system is deemed unsuitable for the task it is assigned.
Electronic Signature Policy,Page 7
7.02 The IT Department may:
a. Request that each authorized and certified electronic signature system provider,
on an annual basis, submit to the City a copy of the provider's most recent SOC
report(s) (including those received from third-party independent auditors), in
order to ensure that the provider's system conforms with physical, technical,
operational, and administrative measures and protocols regarding data security;
b. Maintain general oversight of the City's certification authorities through third-
party vendors or incident response (IR) maintained security and authentication
services; and
c. Monitor that any certification and/or authorization is renewed in accordance with
the term specified in the Digital Certificate.
7.03 The removal of a service provider from the "Approved List of PKI Service Providers"
shall not,in and of itself,invalidate a digital signature for which a service provider issued
the certificate prior to its removal from the list.
H:\Legal\Research\Electronic Signatures\Electronic Signature Policy-03032025.docx
Electronic Signature Policy,Page 8