The client plans to award SaaS services for digital signatures. The invitation to tender shall take the form of a negotiated procedure with a competition in accordance with the legal provisions applicable to sector activities.
As part of the HR Transformation program, the importance and necessity of digital signatures in the EWE Group was worked out. But also in the departments of market and infrastructure as well as the other central functions, the need and demand for secure digital signatures is great in order to ensure customer-oriented, lean E2E processes or process optimization. This was confirmed overall by a series of workshops on the "new normal".
That is why IT and HR are pushing ahead with the introduction of a digital signature solution for all relevant documents throughout the EWE Group. It contributes not only to the HR strategy, but also to the Group's strategic priorities of focus, performance, collaboration and digitization.
There are three types of electronic signatures: simple, advanced and qualified electronic signatures. A qualified electronic signature is required in order to carry out the manual signature digitally in the same legal certainty. Currently, there is no possibility of advanced or qualified electronic signature within the Group in accordance with the European eIDAS Regulation and thus (legally) secure digital signing is not possible.
In a preliminary project, analysis workshops were carried out within the Group central functions, in the Market department and in the Infrastructure department. These have shown that for a complete transformation or adoption of a digital signature solution, we need about 100,000 transactions per year, of which about 75% require an advanced or qualified electronic signature. Today, these are not digitally affordable for EWE employees because there is no available solution.
Furthermore, professional and technical requirements for a digital signature solution were collected. After additional review and basic approval of data protection and information security requirements, we aim to introduce a digital signature service as Software as a Service (Saas). From the introduction as SaaS we hope for some advantages, such as a simpler implementation, high availability and performance as well as easier further development and troubleshooting.
At the same time, we place high demands on IT security and data protection for the use of a SaaS model. A potential solution must comply with the requirements of the GDPR. If personal data is transferred to a third country, appropriate measures must be taken to protect this data. In concrete terms, this means that when transferring personal data to a third country, compliance with the new standard contractual clauses (standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 4 June 2021) or certified Binding Corporate Rules (see description EU Commission) must be met. Otherwise, providers will not be admitted to participate in the tender. Please confirm compliance with the GDPR and - if necessary - the protection of personal data in the event of transfer to third countries by completing the attached order data processing (Annex 10) as well as technical and organisational measures (Annex 11). Alternatively, you can submit your own, equivalent agreement for the protection of personal data (e.g. AVV & TOMs or BCRs).
In addition, there are other mandatory requirements that will lead to exclusion in the event of non-compliance in the course of the offer phase. An eligible digital signature solution must:
Enable the digital signing of simple, advanced and qualified electronic signatures in accordance with the eIDAS Regulation (REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014)
Enable guided signatures
Offer a video identification option for initial identification to obtain a personal certificate for qualified electronic signing
Available in German and English
Be free of charge for internal and external signature holders and be accessible without any installations to be performed (browser and e-mail client can be assumed)
Be able to add abbreviations such as "i.V.", "i.A." or "ppa." to a digital signature
Allow the creation of different roles with different rights
Be mobile via responsive website or web app on mobile browsers
Provide native integration with MS Teams
Provide native integration with MS Sharepoint Online
Provide native integration with MS Dynamics
Provide native integration with Workday
Further requirements can be found in the award criteria (Annex 07).
project goal
The introduction of one of these digital signature solutions contributes significantly to the digitization and sustainability of EWE: digital signing leads to a significant reduction in throughput times, enables digital end-2-end processes, improves mobile working for employees, saves resources and shipping routes and increases legal and information security within and outside the Group.