The importance of signing software

December 11, 2024

In an increasingly digitalised business world, electronic signatures are steadily growing in importance. They not only ensure the integrity and authenticity of documents, but also guarantee their legal validity. While the focus is often on cryptographic methods and signature certificates, a central element is often overlooked: the transfer note. However, this is essential for the audit-proof digitisation of analogue documents and a central component for compliance with regulatory requirements – especially in the context of BSI TR-03138 (TR-RESISCAN) and long-term archiving in PDF/A format.

This article highlights the importance of transfer notes, explains their role in conjunction with signature software such as firmsign, and shows why their support is essential for legally compliant digitisation processes.

1. Basics: What is a transfer note?

A transfer note (also known as a ‘transfer notice’) is a structured piece of information that describes the circumstances under which a physical document was converted into a digital format. It is particularly necessary when digital copies of paper documents are created and archived – a process that is part of everyday practice in almost all industries.

Typically, a transfer note contains a range of structured information that together documents the digitisation process and makes it traceable.

A central component of the transfer note is the information about who carried out the digitisation of the document. This can be either a natural person (e.g. an employee) or an organisational unit (e.g. a scanning centre or an external service provider). This information makes it possible to clearly assign responsibility for the digitisation process. Especially in the event of legal disputes or audits, it is essential to be able to trace which instance was responsible for creating the digital copy. Stating the organisation also increases the trustworthiness of the archiving.

The time of digitisation – ideally with the date and time – documents when the analogue document was converted into a digital version. This information is not only relevant for internal traceability, but can also play a role in legal assessment, for example to clarify deadlines or to preserve evidence in legal proceedings. In conjunction with a qualified electronic signature, which also contains a timestamp, this information makes it possible to precisely determine the time of the digitisation event in the life cycle of the document.

Another important aspect is the description of the technical conditions under which the digitisation took place. This includes information about the scanner used (e.g. model, resolution, colour mode) and the software used and its configuration. This information enables the technical reproducibility of the scanning process and proves that standard-compliant and quality-assured procedures were used. In regulated environments – such as in healthcare or at public authorities – documentation of the technical infrastructure is an essential part of process security and may be required for certification procedures or audits.

Optional, but helpful in many cases, is the specification of the specific context in which the document was digitised. This could be, for example, the affiliation to a certain business process (e.g. incoming invoice processing, contract management or patient admission) or the reference to a certain transaction number or case file. This contextual information means that the transfer note is not only a technical record, but also a semantic link within the business processes. It enables targeted assignment and significantly facilitates subsequent research, tracking or revision of archived documents.

The purpose of the transfer note is to ensure the transparency and traceability of the digitisation process. It makes a significant contribution to strengthening the probative value and reliability of digital documents – especially when the analogue original is destroyed (so-called ‘replacement scanning’).

2. Importance in signature practice

Electronic signatures only achieve their full effect when, in addition to the purely technical security, the process of creating and processing the document is also documented. Particularly in the case of scanned originals, the transfer note is an

In industries with strict legal and regulatory requirements – such as healthcare, finance and public administration – organisations are obliged to implement audit-proof archiving. This means that digital documents must be stored in a manner that is unalterable, complete and traceable. The transfer note documents the origin and the time of digitisation of a document and thus becomes an integral part of audit security.

Court proceedings often require the submission of evidence in digital form. A digital document that has a qualified electronic signature and a consistent transfer note has a significantly higher probative value. The transfer note serves as a procedural bridge between the analogue original and the digital representation.

Modern signature solutions such as firmsign must therefore be able to:

• capture and document transfer notes automatically,
• embed them in a structured manner in metadata formats (e.g. XMP in PDF/A),
• integrate them in an audit-proof manner into the signed files.

Only this seamless embedding can ensure that both the signature and the transfer note remain inseparably and tamper-proof linked.

3. Technological basis: PDF/A as the carrier format

PDF/A is the international standard (ISO 19005) for the long-term archiving of digital documents. It was developed specifically to ensure that documents are still readable, reproducible and legally compliant decades from now.

PDF/A is the established standard format for the long-term archiving of digital documents and offers significant advantages that make it indispensable, particularly in the context of audit-proof documentation. One key advantage is its self-contained format: All content required to display the document – such as fonts, colour profiles and metadata – are fully embedded in the file format. This ensures that a PDF/A document can be displayed correctly at any time, regardless of the system or software environment. PDF/A also has integrated protective mechanisms against subsequent changes. This write protection function contributes significantly to the integrity of the document and is particularly important for legally or regulatory relevant applications.

Another key advantage lies in the possibility of embedding structured metadata in the document – for example, via the XMP format. This allows additional information such as transfer notes to be stored directly in the document. This means that the transfer note is not only visible to human readers, but can also be automatically evaluated by machines. This machine-readable structuring opens up a wide range of possibilities for digital verification and archiving processes and contributes to automation and increased efficiency. Especially in regulated environments, the integration of the transfer note into the PDF/A structure is an important building block for legally compliant digitisation and long-term archiving.

The signature software must therefore embed the transfer note in the document before creating the signature to ensure that it is protected by the signature. firmsign meets this requirement by automatically integrating transfer information into the signing process.

4. Regulatory framework: The BSI TR-03138 (TR-RESISCAN)

The Technical Guideline TR-03138 of the German Federal Office for Information Security (BSI), known as TR-RESISCAN, defines requirements for ‘replacement scanning’. The aim is to make digital copies of analogue documents legally usable – without having to store the original.

The Technical Guideline BSI TR-03138 (TR-RESISCAN) defines **binding requirements for the legally compliant digitisation ** of analogue documents and their replacement archiving. A central element is the comprehensive procedural documentation: the entire scanning process must be described and documented in a comprehensible manner so that the individual steps of the digitisation process can be checked if necessary. In addition, the guideline requires a clear proof of integrity that ensures that the digital copy is unchanged and tamper-proof. PDF/A is explicitly mentioned as the technical format for long-term archiving because it offers properties such as self-withholding and write protection. Particular importance is attached to the transfer note, which is expressly intended as a tool for providing evidence and documenting digitisation.

In the context of these requirements, the signature software used plays a crucial role. A TR-RESISCAN-compliant solution must be able to embed transfer notes in PDF/A files in an automated and structured way – and before the signature is created. In addition, the signature itself must be cryptographically secured, ideally in the form of a qualified electronic signature according to the eIDAS regulation. After the signing process has been completed, it must no longer be possible to make any changes to the document in order to maintain its integrity. Solutions such as firmsign meet these requirements by means of a fully automated workflow in which the transfer note is dynamically generated, embedded in accordance with the rules and then signed together with the document. This ensures that the entire process is efficient, transparent and legally compliant.

5. Practical relevance and recommendations

Companies that are developing their digitisation strategies or modernising existing processes should pay particular attention to the ability of their signature solutions to integrate transfer notes. Particularly in heavily regulated industries such as healthcare, finance and public administration, this functionality is not optional but an essential requirement for legally compliant and audit-proof document processes. Transfer notes enable the traceability of the digitisation process and are therefore a central element of audit-proof archiving.

This also results in a clear mandate for software providers to act. Consistently implementing the requirements of BSI TR-03138 (TR-RESISCAN), the eIDAS Regulation and the PDF/A standard (ISO 19005) is crucial to remaining competitive in the market. The ability to seamlessly integrate transfer notes into the signature and archiving workflow gives providers a clear competitive advantage – in tendering procedures as well as in customer retention and certification processes.

Auditors and IT security officers need to ensure that **transfer notes are fully integrated in terms of content and technically tamper-proof **when checking digital archiving processes. They must also be archived in an audit-proof manner together with the digital signature. This is the only way to reliably ensure compliance with regulatory requirements, particularly those of TR-RESISCAN.

In view of the growing volume of documents, manual handling of transfer notes is no longer practical. Modern signature platforms such as firmsign therefore rely on automated, scalable solutions that integrate into existing workflows, provide structured data capture, multi-client capable administration and the option of combining with time stamp services. This makes regulatory compliance an integral part of efficient, digital business processes – without additional effort in day-to-day operations.

6. Outlook: Automation and scalability

With the increasing digitalisation of administrative and business processes, the number of documents to be signed and archived is also growing. Manual management of transfer notes is not practical in high-volume scenarios.

Advanced signature platforms such as firmsign therefore offer:

• Integration into existing workflows
• Automatic capture and structuring of transfer data
• Multi-client capable administration for group-wide archiving requirements
• Combination with time stamp services for additional legal protection

This means that compliance with regulatory requirements does not become an operational burden, but an integral part of modern document processes.

Conclusion

The transfer note is much more than a formal addition in digital document processing. It is an indispensable element for ensuring audit compliance, legal validity and traceability in digital archives. In conjunction with PDF/A and regulatory requirements such as BSI TR-03138, it plays a key role – especially in environments with high compliance pressure.

Modern signature solutions such as firmsign provide the necessary technical infrastructure to integrate transfer notes in an automated, standard-compliant and tamper-proof manner. This functionality is indispensable for companies that want to work digitally in a legally compliant and efficient manner in the long term.