Depending on the industry in which an organisation operates as well as the relevant legal and regulatory requirements, different organisations have different appetites for risk security. We at E-Sign are aware of this. Because of this, security is a top priority in the research, design, and development of all of our products, and they are all constructed with configurable security in mind. The E-Sign Agreement Cloud is designed to maximise security for data in transit and at rest and lets you customise security settings to meet your needs for managing and sharing data access and security risks. Additionally, each E-Sign product on our reputable platform is subject to rigorous security audits and monitoring to guarantee that your data is kept secure and private. Use the links to the below for information on the security of particular products:
See the list below for a summary of the main security measures and procedures used by all E-Sign products to safeguard your documents and data.
Hardware and infrastructure
- Multi-regional, geo-distributed datacenters with ISO 27001 certification
- Secure data replication in close to real-time and encrypted archiving
- strict physical access controls and round-the-clock on-site security that adhere to widely accepted standards
- Annual testing for Disaster Recovery (DR) and Business Continuity Planning (BCP)
- network management systems, border routers, and firewalls of the highest caliber.
Systems and operations
- Physically and logically separate networks
- Centralized, logical access management system
- VPN access with encryption and two-factor authentication
- Mitigation of Denial of Service (DDoS)
- active detection and prevention of intrusions
- Integration of anti-malware software that instantly notifies E-Sign’s cyber incident response team if potentially harmful code is found
- penetration testing by a third party
Applications and access
- formal code reviews and third-party vulnerability mitigation
- Advanced Encryption Standard (AES) 256-bit encryption at the application level
- Program for key management and encryption
- malware defense
- All documents created and signed using E-Sign are protected by a digital audit trail and a Certificate of Completion that prevents revocation.
- security features that can be customized
- Multi-factor authentication adds another layer of security to ensure that only users with the proper authorization can access the E-Sign products and related documents.
- Role-based authorization for all business transactions types enables you to designate access to specific individuals
Transmission and storage
- In accordance with industry best practices, subscriber data is encrypted.
- HTTPS access and data transfer to/from E-Sign
- controls to prevent tampering
- Verification of signing events by signature
- systematic, unchangeable recording of signing data
- Technology for digital certificates
- ability to set the customer’s own data retention parameters
Complete security from beginning to end
End-to-end security for our customers’ data is provided by this foundation:
- Customer information is kept private, including from E-Sign; documents and data are private, and access is managed by workflow..
- Integrity: every document is guaranteed to be tamper-evident and intact..
- Availability: Customers can be sure that E-Sign’s service will be available whenever they need it thanks to its replicated, geographically dispersed infrastructure, which consistently offers high availability..
- Authenticity: Through the multifaceted verification of signing events, customers can rely on the authenticity of signers..
- Non-repudiation: The audit trail and chain of custody provided by the E-Sign solution serve as proof that customer documents are technically, legally, and procedurally unassailable..
- All responsible disclosures, in any form, are welcome. This covers any flaws discovered in E-Sign products. Your discovery can be submitted using our Vulnerability Disclosure Program. Please feel free to email support@E-Sign.co.uk with any other questions you may have about product security..