DocuSign is SF State's approved electronic signature solution available to faculty and staff for signing documents electronically and students for completing official university forms. This solution offers a secure and sustainable method of conducting University business, striving to better support SF State campus community.
DocuSign will only work with a @mail.sfsu.edu or @sfsu.edu email address. Logging in to DocuSign for the first time will automatically create your account and assign the appropriate access.
- Signers can sign documents, create and save signatures, and track the routing status or workflows in which they are identified as recipients.
- Viewers can sign documents, use templates, and send documents to others.
- Senders can create templates (and also have all the access of signers and viewers).
Students will be assigned Signer access, and faculty and staff will be assigned Viewer access by default. To obtain additional DocuSign access, you must submit a service ticket.
In accordance with the Electronic Signatures Policy:
- DocuSign is to be utilized only for University business purposes, not for personal matters or transactions.
- DocuSign is approved for use with Level 1 data and Personally Identifiable Information. DocuSign is not approved for use with PCI data (credit card information) or HIPAA data (medical records). Please refer to ITS' Confidential Data Policy for more information about confidential data.
- Only risk assessed and approved business processes can be used in DocuSign.* Business processes and associated documents are managed by campus process owners; the department that owns a business process is the only entity that may modify or upload the document for use in DocuSign.
- DocuSign is the approved tool for all University related business processes that involve SF State employees and external parties (signers must operate within their delegation of signing authority). For processes that involve external parties, please refer to this Security Matrix and apply the recommended security control based on the risk level of your documents.
- DocuSign should not be used as the final repository for the purpose of retaining university records. Departments must maintain their records in accordance with the appropriate record retention policy and ITS recommended file storage solutions.
*Memos and departmental forms routed internally (i.e., forms owned by your department and only sent to individuals within your department) are not required to undergo a risk assessment.