CASE STUDY

E-signatures enable USDA to better protect the food supply

Animal and Plant Health Inspection Service (APHIS) Lays the Groundwork for E-Signatures as a Shared Service Across the Enterprise

Executive Summary

Business Objectives
  • Go digital. Replace paper with automated business processes and e-signatures to better protect the food supply
The Problem
  • Paper made it impossible to track down an animal’s location in minutes, in the event of health or safety incidents
The Solution
  • OneSpan Sign Enterprise Plan
The Results
  • Conduct field transactions faster
  • Locate animals in transit in minutes (not days)
  • Accelerated processing of internal and external documents
  • Non-repudiation for legal purposes
  • Greater operational efficiency
  • Increased security and auditability of documents
  • Laid the groundwork for Agency-wide use of e-signatures

The U.S. Department of Agriculture (USDA) is responsible for the nation’s food supply, as well as agriculture, natural resources, and rural development. The Animal and Plant Health Inspection Service (APHIS), one of USDA’s 17 agencies, recognized the need for electronic signatures in 2009 and tasked a working committee to implement a solution that could scale across the organization. In 2013, APHIS’s Veterinary Services program moved to implement e-signatures within a year. Internal teams and vendors came together and in six months, deployed the OneSpan Sign Enterprise Plan on-premises solution and fully automated mission-critical, externally facing business processes.

The Challenge

APHIS plays a significant role in keeping U.S. livestock and poultry healthy. There are millions of animals crossing U.S. borders annually. They may be in transit across state lines, going from Mexico through to Canada, or leaving the U.S. for international destinations. It is important for animal health authorities to be able to trace animal movements when animal disease incidents occur.

An internal audit determined that the best initial processes for e-signatures were applications for import/export permits of livestock and applications for veterinary health certificates. There are multiple forms and signatures required to process each animal involved. In the paper-based system, when APHIS needed to identify an animal’s location, it would take days to track down the paperwork. In the event of a highly contagious disease outbreak, delays can place animal health at risk. APHIS needed to be able to pull records and take action in real time.

Patrick-McFall.png

OneSpan came onboard with a full complement of knowledgeable personnel who were able to help us cut through a lot of roadblocks.

Patrick McFallDirector, Software Services & Delivery, USDA APHIS

Requirements

Enterprise services

While APHIS needed an immediate solution, USDA had an enterprise need for digital business processes. Like other capabilities such as centralized accounting or HR services, e-signatures are increasingly implemented as a service that can be easily accessed by any division. This breaks down silos within the organization, saves on developer time, accelerates roll-out, and creates a consistent user experience.

No time to modify legacy systems

Prior to selecting OneSpan Sign, USDA had tried to build their own e-signature app. However, in order to make their app scalable, they would have had to modify all legacy apps one by one and then change those applications individually each time there were updates. With mature e-signature capabilities on the market, it was clear to the APHIS IT team that a third-party solution was the best option – as long as it did not require any modifications to existing systems.

Support for different workflows, authentication and signature capture methods

In addition to having to support multiple forms with multiple signatures, APHIS needed the flexibility to support many different workflows, ranging from basic internal forms to extremely complex, public-facing processes. For example, some would require PIV smartcard authentication leveraging the USDA’s PKI system, while others would require a variety of different authentication methods for proving the identity of external parties.

Audit trail with electronic evidence

USDA required non-repudiation, meaning the ability to trace who made decisions and who e-signed each document. It was crucial to have a comprehensive audit trail with a digital signature and timestamp for each individual signature as it was applied to a document. With so many parties signing, from certified veterinarians to border control personnel and transporters, if there is a dispute USDA has to be able to hold signers accountable.

Aggressive implementation timeline

The project timeframe was one year. In reality though, once the evaluation, product selection, and contracting steps were completed, there would be only six months left for implementation, testing, and go-live.

APHIS needed a vendor with a proven track record for rapid deployments in complex, regulated environments.

Implementation

APHIS worked with three vendors to complete the e-signature project: OneSpan Sign, Technik, and HP, whose contractors worked on the Veterinary Export Health Certificate System (VEHCS).

According to Patrick McFall, team leader and Director of Software Services & Delivery, there were two key factors that made the six-month timeline possible:

  1. The project was driven from the top down by his CIO, with the full support of senior management
  2. Maintaining a highly collaborative working partnership with everyone involved. The team hit roadblocks but came up with solutions and found ways to keep the project on schedule

As part of the project, there was also an integration with Pegasystems, which allows APHIS to build custom workflows for any process and embed an e-signature process within the workflow. In a second phase, APHIS will implement a content management system. For now, e-signed documents are stored in OneSpan Sign.

Lessons learned included:

  1. Bring all project team members on as early as possible.
  2. It may take longer than anticipated to prepare existing e-forms to receive e-signature. Plan accordingly.
  3. Involve multiple user groups in the testing phase.
  4. As part of the change management plan, provide training and openly communicate with user groups

APHIS needed a vendor image

Solution Impact

Through the ePermits portal, users can now electronically sign and submit permit applications, track applications, apply for renewals and amendments, and receive a copy of the permit - all while online. By adding electronic signatures to its portal, APHIS was able to:

  • Automate the paperwork required to apply for import/export permits and veterinary health certificates
  • Improve speed of movement for internal and external documents
  • Conduct field transactions faster
  • Quickly locate animals in transit
  • Provide superior service to all levels of USDA, from headquarters out to the field

OneSpan Sign is used by various staff throughout APHIS, as well as external parties such as import brokers, all of whom use the click-to-sign method. APHIS employees e-sign with their government issued PIV smartcard and PIN. External parties must be registered in the USDA’s eAuthentication database in order to e-sign.

Conclusion

Government organizations are using digital processes with secure electronic signatures to transform service levels and efficiencies, improve responsiveness, increase auditability, and cut costs. Issuing permits and licenses to citizens and businesses is often a top priority for agencies and departments looking to achieve these goals.

Even within a much larger organization, a single department can be an enabler. As demonstrated by APHIS, a small workgroup can put a scalable solution in place and enable a gradual expansion throughout the entire organization.

Integrating with a robust security posture and PIV compliance with the Federal Identity, Credential and Access Management (FICAM) architecture were key requirements in selecting an e-signature solution.

As a government agency, we needed a solution that met digital as well as electronic signature needs. We evaluated security that:

  • Is FIPS 140-2 compliant
  • Meets Federal guidelines on digital signature use
  • Supports government and commercial electronic signature use for our stakeholders and partners
  • Possesses government and legal enforceability guidelines

Additionally, there were several other important aspects of OneSpan Sign that reinforced our decision: ease of integration, end user platform independence, the embedded audit trail, electronic evidence playback, and OneSpan Sign’s track record for deployments in government environments.

Michele J. ThomasAPHIS Chief Information Security Officer
Download PDF