The DocuSign CLM Technology Teams will be conducting necessary maintenance on Sunday, October 8th from 18:00 CEST (16:00 UTC) to 22:00 CEST (20:00 UTC).

During this maintenance window, the EU21 CLM instance may be intermittently unavailable.

We apologize for any inconvenience during this time.

Please reach out to DocuSign CLM Technical Support for any questions or concerns and check back here for updates regarding the schedule.

On Sunday, August 20, 2023 - 10:00pm - 11:59pm (CST), DocuSign CLM/SpringCM has performed a CLM public SSO certificate renewal for the springcm.com domain in the CLM UAT environment.

We will be performing the same exercise in the CLM PROD environment on Saturday October 14, 2023 - 10:00pm - 11:59pm CST.

During these maintenance windows there may be disruption to CLM login and authentication.

Find the UAT environment ssouat.springcm.com public certificate here: https://www.docusign.com/file/107281

Find the PROD environment sso.springcm.com public certificate here: https://www.docusign.com/file/107280

Please note that the Intermediate and Root certificates have been changed as well. More information can be found here: https://knowledge.digicert.com/generalinformation/digicert-root-and-intermediate-ca-certificate-updates-2023.html?om_ext_cid=dc_email_7014z000001YYf8AAG_11503&mth=

Intermediate (DigiCert Global G2 TLS RSA SHA256 2020 CA1): https://www.docusign.com/file/107273

Root (DigiCert Global Root G2.pem): https://www.docusign.com/file/107274

On Thursday September 7, 2023, from 9:00pm - 10:00pm CDT, DocuSign CLM will be performing scheduled maintenance on the UAT environment.

During this maintenance window CLM document upload may be intermittently unavailable in UAT.

We are writing to inform you that DocuSign has updated the subprocessor list for DocuSign Services.

We further wish to inform you that you may object to a subprocessor by submitting your objection by email to privacy@docusign.com with subject line “Subprocessor Objection,” along with your name, your company’s name, the name of the DocuSign service, the name of the subprocessor and the grounds for objection.

Regards,

The DocuSign Privacy Team

On May 31, Progress discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment (CVE-2023-34362).

DocuSign does not use this product and has confirmed with key vendors there has been no evidence of impact to customer data at this time. DocuSign will continue to monitor and assess alerts and notifications for potential impact.

DocuSign is experiencing an uptick in phishing activity through improper use of DocuSign. Report improper use of DocuSign accounts directly through the envelope email notification Report Abuse link or through the DocuSign i-Sight portal directly via this link (https://docusign.i-sight.com/portal/reportonline?lang=en_US&theme=DocuSign).

The most recent activity observed is sent from DocuSign DEMO accounts (dse_demo@docusign.net) using a variety of sender email addresses with public domains, for example abcdef1+123@gmail.com. The envelopes are often already completed and include the completed document as an attachment (.pdf) to the email notification. This tactic is meant to evoke a sense of urgency that is intensified by the mention of a financial transaction. The likely intent is to trick recipients into providing sensitive financial information through a link or by calling a phone number listed in the attachment.

Email subject line examples:

• Your order is approved. Welcome to the Amazon family

• Completed: Complete with DocuSign: Purchase Report 645456374FGDT.png

• Completed: Signup_Order_delivered_amt_debited_ptrv8009785krp

• Completed: Complete with DocuSign: Thank you for payment WEDR5656TRFEW.png

• SUBSCRIPTION_renewal_2023_07_18_58648569-khpd-969743

• Thank_you_for_signingup_with_us_infhrt7649ref0tqrjk_736950

Theme examples:

• Amazon

• Geek Squad

• Norton

• PayPal

• Advance America

• Invoice

NOTE: If you do not see activity matching the email notification when reviewing your DocuSign account, then the email is an imitation DocuSign attempt. Report imitation DocuSign attempts to spam@docusign.com. 

As a reminder, do not click on any email or attachment links from unknown or untrusted senders. All customers are also reminded that they should continue their own due diligence, identify, and report suspicious activity, including fraud/illegal activity. See the Incident Reporting page (https://www.docusign.com/trust/security/incident-reporting) on our Trust Center for more information. Customers should also continue to utilize their own organization's security tools to investigate potentially malicious documents, links and notifications.

For more information on how to spot phishing, please see our Combating Phishing and Protecting Your Organization Against DocuSign Brand Impersonation white papers.

On Wednesday, July 5 2023, between 8:00 PM - 10:00 PM CST, DocuSign CLM/SpringCM performed a CLM public wildcard certificate renewal for the springcm.com domain in the CLM UAT environment.

The same change will occur in the CLM PROD environment on Sunday, July 16, 2023, between 8:00 AM - 9:00 AM CST, rather than the previously scheduled change announced for Wednesday, July 12 2023.

This work may impact the ability to login during this timeframe.

Find the *.springcm.com public certificate here.

Please note that the Intermediate and Root certificates have been changed as well. More information can be found here.

Intermediate (DigiCert Global G2 TLS RSA SHA256 2020 CA1): here.

Root (DigiCert Global Root G2.pem): here.

Dear Customer,

We are writing to inform you that DocuSign has updated the subprocessor list for DocuSign Services.

We further wish to inform you that you may object to a subprocessor by submitting your objection by email to privacy@docusign.com with the subject line “Subprocessor Objection,” along with your name, your company’s name, name of the DocuSign service, the name of the subprocessor and grounds for objection.

Regards,

The DocuSign Privacy Team

The DocuSign CLM Technology Teams will be conducting necessary reporting maintenance.   

Planned Outage Date: Wednesday, March 22nd starting at 21:00 CT (Wed, March 23 02:00 UTC) to Wednesday, March 22nd at 23:00 CT (Wed, March 23 04:00 UTC). 

Impact: During this maintenance window reports may fail for some NA11 CLM customers.   

We apologize for any inconvenience during this time. Please reach out to DocuSign CLM Technical Support for any questions or concerns and check back here for updates regarding the schedule.

DocuSign has recently updated the Subprocessor List. To see relevant changes and access the updated list, please visit this page.

Should you have any questions, do not hesitate to contact us at privacy@docusign.com.