DocuSign Data Security and Signer Authentication

We've previously published a series about ESIGN and Authentication best practices, covering online authentication, authentication processes, as well as secure authentication and eSignature processes. Today, we'll discuss data security and signer authentication, so you can know, with confidence, who signed.

How do you know your data is secure?

We provide a robust electronic signature system with several tiers of security. DocuSign has also passed multiple Fourtune 500 information security audits.

Our data centers are hardened and comply with the strictest standards, surpassing industry standards. We actually run two separate data centers - one in Seattle and one in Chicago, hosted by Savvis, a worldwide infrastructure provider.

Our data center security measures include:

• On-premise security guards
• Impenetrable building exterior with no signage, false entrances and vehicle blockades
• Biometric key-lock access, including palm scanners
• Security cameras with digital recorders and pan-tilt-zoom (PTZ) capabilities
• Security portals that allow authentication for only one person at a time

How do you know who signed?

In terms of signer authentication, DocuSign supports the following authentication methods:

• Email - validate and record the signer had access to a known email address
• Access code - A PIN or Password that is provided to each signer to access the document in order to sign
• ID Check - a Knowledge Based Authentication (KBA) process provided through DocuSign from RSA. This presents a set of questions only the signer could know.

In addition, we offer many other tools - OFAC, Age Verification, and STAN PIN for student lenders. It is not required that you add additional layers of signer authentication to your process, but if you need it, we've made additional layers of signer authentication available.

Each document deposited into the DocuSign system is individually encrypted with government standard encryption algorithms (AES 256 bit), and a digital fingerprint is created. Every time the document is accessed, it is analyzed to be certain it has not been tampered or modified. We also capture all aspects of signing in the audit trail, including email, IP address used, and exact time of signing. Any authentication methods requested are also captured.

All of this goes on behind the scenes, so you get the benefit of the most secure processing and handling, with the easiest and most familiar signing interface available. You get nothing like this from any other service or process on the market, so choose DocuSign as your electronic signature service provider for security and peace of mind.