Government agencies are required by the Government Paperwork Elimination Act to provide the public with the a means of electronic filing.  In addition, agencies require software solutions and technologies that were designed with these requirements in mind. 

Formatta's e-form solutions are GPEA compliant and unmatched for their ease of use, cost of deployment, and ability to bridge your paper and electronic processes.

GPEA Overview

The Government Paperwork Elimination Act (GPEA, Pub. L. 105-277) requires that, when practicable, federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public by 2003. In doing this, agencies will create records with business, legal and, in some cases, historical value. This guidance focuses on records management issues involving records that have been created using electronic signature technology. It supplements the Office of Management and Budget (OMB) guidance for agencies implementing GPEA, as well as other National Archives and Records Administration (NARA) guidance.

A sound records management program is an integral part of an agency's standard business operation. Agencies must consider records management requirements when implementing GPEA, or whenever they design or augment an electronic information system. Federal agencies are required by the Federal Records Act (44 U.S.C. 3101) to "make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency." This requirement applies to electronic records as well. Agencies that do not consistently adhere to standard records management practices run the risk of not having records that can be depended upon in the course of subsequent business transactions or activities.

This guidance is directed both toward information technology (IT) specialists who establish electronic signature systems and who may not be familiar with the records management implications, and toward agency records management personnel. Good IT practices complement or parallel good records management practices. In systems implemented as a result of the GPEA, records management requirements will form the core of the IT system requirements. In implementing electronic signature technologies, IT professionals need to be aware that signatures are an integral part of a record. If the record needs to be preserved, whether for a finite period of time or permanently, then the agency needs to ensure the trustworthiness of the electronically-signed record over time.

Non-Repudiation

Irrespective of the approach an agency takes, some form of technical non-repudiation service must be implemented to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality, and legitimate use of electronically-signed information. Non-repudiation is one of the essential security services in computing environments, being mainly applied in message handling systems and electronic commerce. The non-repudiation services that are being used in e-commerce can also be used in ascertaining the reliability of electronically-signed records. Non-repudiation services provide irrefutable evidence that an action took place. The services protect one party to a transaction (e.g., electronically signing a record) against the denial of the other party that a particular event or action took place. The services also provide safeguards that protect all parties from a false claim that a record was tampered with or not sent or received.

There are multiple frameworks for non-repudiation and agencies will choose the framework that matches their needs. One possible framework is the ISO (International Organization for Standardization) non-repudiation model (Non-repudiation - Part 1: General Model, ISO/IEC JTC1/SC27 N1503, November 1996; Non-repudiation - Part 2: Using symmetric techniques, ISO/IEC JTC1/SC27 N1505, November 1996). The essential elements of the ISO model are listed below:

• Evidence of the Origin of the Message & Verification: This shows that the originator created the message (electronically-signed record). The sender (person signing the record electronically) has to create a proof-of-origin certificate using the non-repudiation service. The electronically-signed record can be sent to another party (receiver of the electronically-signed record or another application for further processing) using the non-repudiation delivery authority service. The receiver has to store this evidence using the non-repudiation storage service. In case of dispute, the sender can later retrieve this evidence.
• Evidence of Message Receipt: This proves that the message (electronically-signed record) was delivered. The recipient must create and send a proof of receipt certificate using non-repudiation delivery authority service. The sender receives this evidence and stores it using the non-repudiation storage service; it can later be retrieved if there is a dispute.
• Transaction Timestamp: This timestamp is generated by the non-repudiation service as part of the evidence that an event or action took place.
• Long-term Storage Facility: This is used to store the certificates of origin and receipt. If there is a dispute, the adjudicator uses this storage facility to retrieve the evidence. Depending on the length of storage, it might be necessary to address software and hardware migration concerns as part of the design of this facility.
• The Adjudicator: The adjudicator is used to settle disputes based on stored evidence if either the sender or the receiver of electronically-signed records makes false claims.

Formatta Compliance

Formatta e-forms technology complies with all aspects of GPEA, and is the only solution to do so for electronic forms, electronic filing and digital signatures.    

Contact us for more information at: (888) 993-6767, or email to: sales@formatta.com