GPEA Compliance
A Vital Tool in Your GPEA Strategy
Government agencies are required by the Government Paperwork Elimination Act to provide the public with
the a means of electronic filing. In addition, agencies require software solutions and technologies that were
designed with these requirements in mind.
Formatta's e-form solutions are GPEA compliant and unmatched for their ease of use, cost of deployment,
and ability to bridge your paper and electronic processes.
GPEA Overview
The Government Paperwork Elimination Act (GPEA, Pub. L. 105-277) requires that, when practicable, federal
agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with
the public by 2003. In doing this, agencies will create records with business, legal and, in some cases,
historical value. This guidance focuses on records management issues involving records that have been
created using electronic signature technology. It supplements the Office of Management and Budget (OMB)
guidance for agencies implementing GPEA, as well as other National Archives and Records Administration
(NARA) guidance.
A sound records management program is an integral part of an agency's standard business operation.
Agencies must consider records management requirements when implementing GPEA, or whenever they
design or augment an electronic information system. Federal agencies are required by the Federal Records
Act (44 U.S.C. 3101) to "make and preserve records containing adequate and proper documentation of the
organization, functions, policies, decisions, procedures, and essential transactions of the agency." This
requirement applies to electronic records as well. Agencies that do not consistently adhere to standard
records management practices run the risk of not having records that can be depended upon in the course
of subsequent business transactions or activities.
This guidance is directed both toward information technology (IT) specialists who establish electronic
signature systems and who may not be familiar with the records management implications, and toward
agency records management personnel. Good IT practices complement or parallel good records
management practices. In systems implemented as a result of the GPEA, records management
requirements will form the core of the IT system requirements. In implementing electronic signature
technologies, IT professionals need to be aware that signatures are an integral part of a record. If the record
needs to be preserved, whether for a finite period of time or permanently, then the agency needs to ensure
the trustworthiness of the electronically-signed record over time.
Non-Repudiation
Irrespective of the approach an agency takes, some form of technical non-repudiation service must be
implemented to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and
legitimate use of electronically-signed information. Non-repudiation is one of the essential security services
in computing environments, being mainly applied in message handling systems and electronic commerce.
The non-repudiation services that are being used in e-commerce can also be used in ascertaining the
reliability of electronically-signed records. Non-repudiation services provide irrefutable evidence that an
action took place. The services protect one party to a transaction (e.g., electronically signing a record)
against the denial of the other party that a particular event or action took place. The services also provide
safeguards that protect all parties from a false claim that a record was tampered with or not sent or received.
There are multiple frameworks for non-repudiation and agencies will choose the framework that matches
their needs. One possible framework is the ISO (International Organization for Standardization) non-
repudiation model (Non-repudiation - Part 1: General Model, ISO/IEC JTC1/SC27 N1503, November 1996;
Non-repudiation - Part 2: Using symmetric techniques, ISO/IEC JTC1/SC27 N1505, November 1996). The
essential elements of the ISO model are listed below:
Formatta Compliance
Formatta e-forms technology complies with all aspects of GPEA, and is the only solution to do so for
electronic forms, electronic filing and digital signatures.
Contact us for more information at: (888) 993-6767, or email to: sales@formatta.com
A Vital Tool in Your GPEA Strategy
Government agencies are required by the Government Paperwork Elimination Act to provide the public with
the a means of electronic filing. In addition, agencies require software solutions and technologies that were
designed with these requirements in mind.
Formatta's e-form solutions are GPEA compliant and unmatched for their ease of use, cost of deployment,
and ability to bridge your paper and electronic processes.
GPEA Overview
The Government Paperwork Elimination Act (GPEA, Pub. L. 105-277) requires that, when practicable, federal
agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with
the public by 2003. In doing this, agencies will create records with business, legal and, in some cases,
historical value. This guidance focuses on records management issues involving records that have been
created using electronic signature technology. It supplements the Office of Management and Budget (OMB)
guidance for agencies implementing GPEA, as well as other National Archives and Records Administration
(NARA) guidance.
A sound records management program is an integral part of an agency's standard business operation.
Agencies must consider records management requirements when implementing GPEA, or whenever they
design or augment an electronic information system. Federal agencies are required by the Federal Records
Act (44 U.S.C. 3101) to "make and preserve records containing adequate and proper documentation of the
organization, functions, policies, decisions, procedures, and essential transactions of the agency." This
requirement applies to electronic records as well. Agencies that do not consistently adhere to standard
records management practices run the risk of not having records that can be depended upon in the course
of subsequent business transactions or activities.
This guidance is directed both toward information technology (IT) specialists who establish electronic
signature systems and who may not be familiar with the records management implications, and toward
agency records management personnel. Good IT practices complement or parallel good records
management practices. In systems implemented as a result of the GPEA, records management
requirements will form the core of the IT system requirements. In implementing electronic signature
technologies, IT professionals need to be aware that signatures are an integral part of a record. If the record
needs to be preserved, whether for a finite period of time or permanently, then the agency needs to ensure
the trustworthiness of the electronically-signed record over time.
Non-Repudiation
Irrespective of the approach an agency takes, some form of technical non-repudiation service must be
implemented to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and
legitimate use of electronically-signed information. Non-repudiation is one of the essential security services
in computing environments, being mainly applied in message handling systems and electronic commerce.
The non-repudiation services that are being used in e-commerce can also be used in ascertaining the
reliability of electronically-signed records. Non-repudiation services provide irrefutable evidence that an
action took place. The services protect one party to a transaction (e.g., electronically signing a record)
against the denial of the other party that a particular event or action took place. The services also provide
safeguards that protect all parties from a false claim that a record was tampered with or not sent or received.
There are multiple frameworks for non-repudiation and agencies will choose the framework that matches
their needs. One possible framework is the ISO (International Organization for Standardization) non-
repudiation model (Non-repudiation - Part 1: General Model, ISO/IEC JTC1/SC27 N1503, November 1996;
Non-repudiation - Part 2: Using symmetric techniques, ISO/IEC JTC1/SC27 N1505, November 1996). The
essential elements of the ISO model are listed below:
- Evidence of the Origin of the Message & Verification: This shows that the originator created the
message (electronically-signed record). The sender (person signing the record electronically) has to
create a proof-of-origin certificate using the non-repudiation service. The electronically-signed record
can be sent to another party (receiver of the electronically-signed record or another application for
further processing) using the non-repudiation delivery authority service. The receiver has to store this
evidence using the non-repudiation storage service. In case of dispute, the sender can later retrieve
this evidence.
- Evidence of Message Receipt: This proves that the message (electronically-signed record) was
delivered. The recipient must create and send a proof of receipt certificate using non-repudiation
delivery authority service. The sender receives this evidence and stores it using the non-repudiation
storage service; it can later be retrieved if there is a dispute.
- Transaction Timestamp: This timestamp is generated by the non-repudiation service as part of the
evidence that an event or action took place.
- Long-term Storage Facility: This is used to store the certificates of origin and receipt. If there is a
dispute, the adjudicator uses this storage facility to retrieve the evidence. Depending on the length of
storage, it might be necessary to address software and hardware migration concerns as part of the
design of this facility.
- The Adjudicator: The adjudicator is used to settle disputes based on stored evidence if either the
sender or the receiver of electronically-signed records makes false claims.
Formatta Compliance
Formatta e-forms technology complies with all aspects of GPEA, and is the only solution to do so for
electronic forms, electronic filing and digital signatures.
Contact us for more information at: (888) 993-6767, or email to: sales@formatta.com
| Copyright © 1997 - 2010 Formatta Corporation, All rights reserved. |
Email:
support@formatta.com
Phone: Refer to your
Designer or Server license
agreement for the telephone
number of your customer
service representative.
support@formatta.com
Phone: Refer to your
Designer or Server license
agreement for the telephone
number of your customer
service representative.
Support
View Demos
Click here to see a list of
pre-recorded demonstrations
that illustrate the capabilities
of the Formatta solution.
pre-recorded demonstrations
that illustrate the capabilities
of the Formatta solution.
Email or call us at (888)
993-6767 to schedule a
demo or learn more about
Formatta's E-Form Suite.
993-6767 to schedule a
demo or learn more about
Formatta's E-Form Suite.
Schedule A Live Demo
The Formatta E-Forms suite
addresses the varied needs
of organizations:
addresses the varied needs
of organizations:
 | Public E-Forms | |
| Internal E-Forms | |
| Pre-Filled E-Forms | |
| Remote Signing | |
One Solution-Many Functions
 |
 |
 |
 |
 |
 |
 |
 |
 |
Business Solutions
White Papers
Product Downloads
Platform: Windows
Price: free
Platform: Windows
Price: call
Request ProductDemonstration
Platform: Windows
Price: call
Request Product Demonstration
 | Higher Education | |
| K-12 Education | |
| Financial Services | |
| Federal Government | |
| State & Local Government | |
| Healthcare | |
| Human Resources |
White Papers
| Digital Signature White Paper | |
| ROI White Paper | |
| CIO White Paper |
Product Downloads
| Formatta Filler 7.0 PC |
Price: free
| Formatta E-Forms Manager 7.3 |
Price: call
Request Product
| Formatta Designer 7.0 |
Price: call
Request Product