What is a Digital Signature Policy?

Many applications use digital signatures to certify that someone approves of a statement. Some are basic forms for internal use, like time sheets. Others may have full legal force, including contracts that bind large organizations over many years.

The policy for the use of digital signatures helps bring stability for these agreements by creating a foundation for trust and authenticity. They establish the algorithmic standards for creating the signatures, the creation and protection of any private keys, the promulgation of any public keys, and the procedures for creating new keys when old ones are either compromised or set for expiration.

The digital signature policy for each firm should be guided by the business needs. Some like a trading firm may be frequently exchanging large amounts of commodities or securities. They need fast agreements with full binding force. Others may just use the digital signatures for routine office accounting.

The more valuable the agreement that is sealed by the signature, the more care must be taken in creating and protecting the key material. Stronger cryptographic hardware and specialized authentication can increase the trust in any agreement.

The management (CIO, CSO, CISO etc.) can set a digital signature policy that will effectively establish the right level of security needed to provide the assurances that he legal department needs.