studies indicate that the modern consumer is growing increasingly concerned
with data privacy, but this is not surprising. With several big-name companies
experiencing major data breaches over the last few years, customers are now
wary of the way their personal information is handled by the companies with
which they interact. In fact, a Gallup survey released in 2015 stated that only
around 20 percent
of respondents indicated that they had “a lot of trust” in the ability of their
most-used businesses to adequately protect personal data.
Data, the Internet of Things, and the digital disruption that accompanies these
two movements have rendered it more important than ever for companies to offer
clients active privacy solutions built into products, services, and operations.
One company that is making security a priority is DocuSign.
following stringent measures DocuSign takes to provide clients with a secure digital
transaction management platform makes its eSignature solution the kind of
service that modern customers can depend on:
DocuSign abides by some of the world’s strictest
has achieved security certifications beyond those of its competitors. For
example, it is the only company providing digital transaction management
services to meet the requirements for ISO 27001 certification, a
technology-neutral, risk-based approach to data security that is awarded only
after an organization has passed a formal assessment by a qualified firm or
individual. During the assessment, examiners review all aspects of business
operations, including leadership, planning, support, internal auditing, and
commitment to continued security improvement.
addition to ISO 27001, DocuSign is also certified under the guidelines set down
by SSAE 16, an ordinance established by the American Institute of Certified
Public Accountants. The stipulations of SSAE 16 require DocuSign to undergo
annual audits of many aspects of its operations, including the datacenters
where it stores client information. Additional security credentials include
compliance with the xDTM Standard, Version 1.0, and adherence to cloud privacy
and data security programs from CloudTrust and TRUSTe.
follows these standards to make sure clients have complete and exclusive access
to their own documents and that all sensitive data is shielded from the view of
unapproved people, even from DocuSign. Though clients’ virtual documents are stored
in the company’s physically secure data centers, DocuSign is not able to view
them. The company also does not sell client information.
It uses encryption and the PKI protocol to protect
a concept, encryption refers to a process by which data is converted into an
unreadable format to be decoded by a key. Applied to eSignature and digital
transaction management software, encryption is a method by which DocuSign keeps
the full documents of all clients safe from unauthorized viewers.
deliver the highest possible standard in data security to its customers, DocuSign employs AES 256 bit encryption. This
symmetric block cipher is the same tool used by organizations like the US Government
and the National Security Agency to protect confidential, secret, and top-secret
information stored in a digital format. DocuSign also leverages the power
behind this level of encryption in order to create a secure digital signature
option that meets Public Key Infrastructure (PKI) requirements.
meet the qualifications for designation as a safe digital signature provider,
DocuSign’s digital signature technology generates (via an algorithm) two long
numbers that act as keys. One of these keys is public, for use by outside
parties to verify a DocuSign user’s signature. The other key is private, kept
secret by the signer at all times. When a document receives a digital signature,
the original algorithm deciphers the encryption of the two keys to determine
whether or not they match. If they do, a digital signature is created. If they
do not, it indicates an unauthorized signing, and the document cannot be
endowed with a user’s signature.
DocuSign allows senders complete control over who
can see documents.
addition to the operational security standards followed by the system, enhanced
privacy options are available for signers and senders when using DocuSign’s
eSignature platform. For senders, the DocuSign Document Visibility tool can be
useful when a virtual envelope containing multiple pages must be sent to a
group of signers, but not every signer is permitted to view all documents
contained within the envelope. When the Visibility feature is activated, a
signer will only be able to access those documents in which a tag has been
added for his or her personal signature. This enables individuals to sign
document pages with sensitive data related only to them while also signing
pages that require the signature of multiple parties—all within the same
tools that enhance the personal security of DocuSign users include multiple
signer authentication options for different levels of desired security. All
package options offered by DocuSign have the option for access code
authentication, while a selection of plans also offer other methods including
SMS Authentication, Phone Authentication, ID Check, and Live or Social ID Check.