APEGA Completes Comparison of Digital Signature Providers

DigitalSigArticle-ePEG-300x300

At APEGA’s annual general meeting on April 22, 2022, a registrant submitted a resolution requesting a thorough review of APEGA’s digital signature process, including a comparison of costs, features, and security with at least two other digital signature providers.

 In response to the registrant request, APEGA staff conducted a thorough review of APEGA’s digital signature process. The analysis found that Notarius is currently the only provider to offer an efficient, cost-effective, software-as-a-subscription option that meets all requirements for an acceptable certificate authority under APEGA’s Authenticating Professional Work Products practice standard. Therefore, APEGA will continue to use Notarius as its only approved vendor to issue APEGA’s digital signatures.

Digital signatures are essential to ensuring public safety through the professions: they guarantee the integrity of signed documents and prevent their falsification, and they serve as proof that the signer is in good standing with APEGA and has the right to practise in Alberta. Since 2010, Notarius has been APEGA’s chosen vendor of digital signatures, with more than 10,000 APEGA registrants, working for 800 permit holders, having signed up to use its digital signature process.

More about Notarius

Notarius is APEGA’s only approved provider of APEGA’s digital signatures. Its software contains:

  • a function to issue digital signatures without third-party agreements or integrations
  • an online portal that enables registrants to request a professional digital signature and track the status of their request
  • a face-to-face identity verification using two government-issued IDs and a professional designation validation before digital signatures are issued
  • approval workflow, including online access for APEGA staff to approve or reject an application
  • a private digital signing key that includes a registrant’s professional designation and the ability to apply an APEGA-designed and approved custom digital stamp to a signed document
  • a signing platform (ConsignO Desktop) accessible on or offline, featuring authentication capabilities designed specifically for the professions
  • the ability for APEGA to revoke a digital signature if a registrant is no longer in good standing, is non-practising, or has cancelled their membership

Comparing options

In reviewing APEGA’s digital signature offering, staff considered the following options and compared how each met APEGA’s requirements:

  • Notarius (current provider for APEGA’s digital signatures)
  • two certificate authority providers
  • three electronic signature providers
  • an APEGA-managed hybrid model

 While certificate authority providers meet certificate issuance and management service requirements, they do not:

  • license and manage the certificate authority
  • provide cybersecurity measures
  • offer a signature-enabling platform
  • offer an online portal to process requests, approvals, or the issuance of digital signatures

Although electronic signature vendors offer an online signing platform, they do not offer:

  • an online portal to process requests
  • a workflow for APEGA staff to approve, reject, or revoke a digital signature
  • certificate authority provider functionalities such as issuing certificates (this requires custom integration with a third party)

The following table shows a comparison of the various requirements needed to be an acceptable certificate authority as per APEGA’s requirements in the Authenticating Professional Work Products practice standard.

Requirements Notarius Certificate Authority Providers Electronic Signature Providers
Experience in providing authentication technology to registrants of other professional associations Yes Partially
(to members, not associations)
Yes
Resources, technical support, and systems to provide continued service to users Yes Yes Yes
Protocols ensuring only APEGA licensed professionals are granted the authority to own and use an electronic image of their stamp with their personalized digital certificate* Yes Partially No
Protocols enabling APEGA to withdraw or suspend an APEGA licensed professional’s ability to use the digital certificate  Yes Partially No
A platform that offers flexibility and ease-of-use for a wide range of purposes and applications (e.g., compatibility with different file formats)  Yes Yes Yes
A public-key infrastructure, which is a combination of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and withdraw digital signatures Yes Partially
(managed by APEGA)
No
A digital certificate compliant with the International Telecommunication Union X.509 v. 3 standard  Yes Yes Partially
Ability for APEGA licensed professionals to maintain the sole control and possession of their digital certificateYes Partially
(managed by APEGA)
No
Ability to store the digital certificate on the medium of the APEGA licensed professional’s choice (e.g., hard drive or memory stick) Yes Yes No
Interfaces between the technology and software used by APEGA licensed professionals so the image of the APEGA stamp with signature and date appears when printing or viewing the professional work productYes No Partially

* A digital certificate verifies a digital signature. The certificate keeps the information related to the signature that authenticates the identity of the user.

An APEGA-managed hybrid model

APEGA could combine several platforms to build its own service to issue digital signatures. However, this would require additional equipment and staffing, as well as service coordination from at least three providers. APEGA would also have to assume the associated risks and costs of purchasing, managing, and supporting the certificate authority and maintaining cybersecurity and custom integrations.

Currently, a Notarius digital signature costs $185 annually, plus a one-time sign-up fee of $140. Most engineering and geoscience regulators across Canada issue their digital signatures through Notarius, so registrants practising in other jurisdictions can acquire a second signature for $75.

 Under an APEGA-managed hybrid model, registrants would pay 260 per cent more for a digital signature, starting at $660 annually. As mentioned, APEGA would also incur additional costs.

The following table shows the cost comparison between the current Notarius model versus an APEGA-managed hybrid model. 

Digital Signature System Components Notarius APEGA-Managed Hybrid Model
Certificate authority provider Included $3601
E-signature provider Included $240 to $630
Online platform Included $602
First signature $1853 $660 to $1,0504
Second signature $75 $185
Annual total $260 $845 to $1,2355

1: Cost for licensing only, not including personnel, hardware, or insurance.

2: Cost for licensing only, not including development.

3: Recurring annual fee; does not include Notarius one-time sign-up fee of $140.

4: Recurring annual fee; does not include an initial sign-up fee.

5: Note: These figures were derived from public information and did not include a detailed estimate of the work.


Final thoughts

APEGA endeavours to provide the tools and resources best suited to help our registrants meet their professional obligations while ensuring the best possible use of the dues they pay to maintain professional membership in Alberta.

This review of APEGA’s digital signature offering found that Notarius remains the best—and only—option for digital signatures under the requirements outlined in APEGA’s Authenticating Professional Work Products practice standard.

If you have any questions about APEGA’s digital signature process, please email [email protected].

Learn More About APEGA’s Digital Signatures

Articles

Top Articles