The C.N.R.S. (Centre National de la Recherche Scientifique) is the flagship of French research. In 2020, during the lockdown, the institution found itself unable to meet the needs of the HR departments across its 18 regional delegations.
C.N.R.S. turned to Lex Persona, a technology partner of choice.

 

C.N.R.S. was inspired by the way I.N.R.I.A. (Institut National de Recherche en Sciences et Technologies du Numérique) had implemented an electronic signature management system in record time.

The two organizations are very close within the scientific research community.

"The project was set up as a matter of urgency to meet the human resources needs of the C.N.R.S. regional delegations. The aim was to be able to electronically sign unilateral HR decisions made by the administration.

In other words, all documents relating to career development (reclassification, change of step, etc.). We were clearly lagging behind in our dematerialization processes, particularly in the area of electronic signatures. The pandemic forced us to step up a gear and quickly find a solution for this use." Michel Chabanne, CISO at CNRS.

 

Upstream risk assessment

Before deploying the signature tool, the CISO contacted his Legal Department to choose the appropriate signature level. For this requirement, a "simple" signature was sufficient.

"We haven't yet identified all the documents that can be signed electronically. This will be done this year.

If there were one piece of advice to be given to organizations embarking on a similar project, it would be to carry out this legal analysis upstream. Quite simply, to avoid putting yourself at compliance risk with an inappropriate signature level on signed documents." Michel Chabanne, CISO at CNRS.

 

Towards authentication via AgentConnect?

The CNRS therefore turned to Lex Persona and set up an electronic signature system with certificates generated on the fly.

"It's suitable for low-risk documents, but in the future we'll be using qualified, advanced signatures, for employment contracts for example. As far as signatory authentication is concerned, what could make sense for CNRS in the future is the use of "AgentConnect", the identification system designed by the French government for its ministries and operators" (the professional counterpart to FranceConnect). Michel Chabanne, CNRS CISO.

 

Decentralized deployment

Electronic signatures have been integrated into the 18 regional delegations.

"There is, in fact, a great deal of autonomy among the delegations. The project was urgent, and finding a consensus between all these delegations seemed complicated. Especially given the digital maturity of our users." Michel Chabanne, CISO at CNRS.

In fact, it was a real challenge to get the business to take the electronic signature on board. This was true both for administrative staff unfamiliar with the subject, and for certain agents who lacked confidence in the system. Some employees prefer to sign face-to-face.

"Nor should dematerialization rhyme with dehumanization of processes." Michel Chabanne, CISO at CNRS.

 

Factors that don't make life easy for IS or CISOs

Security was naturally at the heart of the project, in particular through the management of roles and authorizations: in other words, the role of the person authorized to sign and his or her signature perimeter.

At the CNRS, this is done via a Master Data Management solution based on several repositories: a personnel repository and a structure repository (corresponding to the 1,200 CNRS laboratories). This is not, as in most cases, a company directory.

With 115,000 employees and a high turnover linked to the lifespan of the laboratories (research cycles are generally 5 years), the CNRS records a huge number of arrivals and departures every year, each with changes in rights. The CNRS also has a large number of mobile researchers and students who move from one laboratory to another. The various offices based abroad (USA, Canada, China, Egypt, etc.) add a further layer of complexity to the process.

"With this organization, this often constitutes a complexity for our technology partners. And that's often where the problem lies.

In this context, our suppliers and technology partners have to adapt to our rules, and be able to break with standards. This is exactly what Lex Persona was able to do. This was an essential factor in our choice of electronic signature partner." Michel Chabanne, CISO at CNRS.