Depending on the industry in which an organization operates, as well as the relevant legal and regulatory requirements, different organizations have varying appetites for security risk. At eSign, security stands as a top priority in the research, design, and development of all our products. Each product is constructed with configurable security in mind. The eSign Agreement Cloud is crafted to maximize security for data in transit and at rest. It allows customization of security settings to align with your needs for managing and sharing data access and security risks. Additionally, every eSign product on our reputable platform undergoes rigorous security audits and monitoring to ensure the confidentiality and security of your data. Utilize the links below for information on the security of specific products:
- Verification Tools
- Electronic Signatures
- Payment Processing
- Electronic Seals
- eConsent
Refer to the list below for a summary of the main security measures and procedures employed by all eSign products to safeguard your documents and data.
Hardware and Infrastructure:
- Multi-regional, geo-distributed data centers with ISO 27001 certification
- Secure data replication in near real-time and encrypted archiving
- Strict physical access controls and round-the-clock on-site security adhering to widely accepted standards
- Annual testing for Disaster Recovery (DR) and Business Continuity Planning (BCP)
- Network management systems, border routers, and high-caliber firewalls
Systems and Operations:
- Physically and logically a separate networks
- Centralized, logical access management system
- VPN access with encryption and two-factor authentication
- Mitigation of Denial of Service (DDoS)
- Active detection and prevention of intrusions
- Integration of anti-malware software with instant notification to eSign’s cyber incident response team on detecting potentially harmful code
- Penetration testing by a third party
Applications and Access:
- Formal code reviews and third-party vulnerability mitigation
- Advanced Encryption Standard (AES) 256-bit encryption at the application level
- Program for key management and encryption
- Malware defense
- All documents created and signed using eSign are protected by a digital audit trail and a Certificate of Completion, preventing revocation
- Customizable security features, including multi-factor authentication and role-based authorization for all business transaction types
Transmission and Storage:
- Subscriber data encrypted according to industry best practices
- HTTPS access and data transfer to/from eSign
- Controls to prevent tampering
- Verification of signing events by signature
- Systematic, unchangeable recording of signing data
- Technology for digital certificates
- Ability to set the customer’s own data retention parameters
Complete Security from Beginning to End:
End-to-end security for our customers’ data is provided by this foundation:
- Customer information kept private, including from eSign; documents and data are private, and access is managed by workflow
- Integrity: Every document guaranteed to be tamper-evident and intact
- Availability: Customers can be sure that eSign’s service will be available whenever they need it, thanks to its replicated, geographically dispersed infrastructure, consistently offering high availability
- Authenticity: Through multifaceted verification of signing events, customers can rely on the authenticity of signers
- Non-repudiation: The audit trail and chain of custody provided by the eSign solution serve as proof that customer documents are technically, legally, and procedurally unassailable.
All responsible disclosures, in any form, are welcome. This covers any flaws discovered in eSign products. Your discovery can be submitted using our Vulnerability Disclosure Program. Please feel free to email support@esigndigital.com with any other questions you may have about product security.