E-Sign is Software-as-a-Service (SaaS) hosted within our own infrastructure. We take security and data protection legislation extremely seriously, and the data is hosted in our UK data centers.
We ensure data confidentiality, integrity, and availability through a robust combination of policies, processes, and independent evaluation. Data is hosted in and does not leave the UK.
Relevant accreditations include Crown Commercial Services (formerly G-Cloud) framework provider, PSN ISO/IEC 27001 Information Security Management, ISO 9001 Quality Management, and Cyber Essentials Plus.
The approach to our architecture affords us excellent resilience in the context of Business Continuity, Disaster Recovery (DR), and High Availability (HA). We have chosen two geographically separate locations to host our servers to maximize failover and load balance options. E-Sign follows the ISO/IEC 27001:2013 – Information Security Management standard.
This means that we have to maintain a relevant Business Continuity and Disaster Recovery Plan. This plan is subject to regular internal review. We have an Information Security Management System (ISMS) group which meets regularly and by exception. The ISMS group includes Director-level membership.
As part of this methodology, recovery exercises are performed on a regular basis simulating disaster recovery scenarios. In the rare event that a system failure does occur, we use an aggressive, root cause analysis process to deeply understand the cause. Implementation of improvements learned from such an event is a top priority for us. We will provide post-mortems for every customer-impacting incident upon request, should one occur.
Furthermore, Business Continuity and Disaster Recovery feature in our day-to-day operational processes as part of our commitment to excellent IT service management through the adoption and embedding of the ITILv3 framework for IT support.
We conduct tests against our Business Continuity and Disaster Recovery plans every 3 months after a significant change and release and in the event of something such as an office move. Our MIS service including the infrastructure to support it, together with our Information Security Management System (ISMS) and related policies and procedures are independently audited at least annually, or after a major change.
E-Sign is registered with the Information Commissioner’s Office (ICO) and complies with the Data Protection Act (DPA) legislation. Our registration number is: ICO:ZA058294.