Compliance overview

Meeting and exceeding standards worldwide

DocuSign's top priority is the privacy and security of our customers' information, documents, and data. The compliance content on these pages explains how DocuSign meets or exceeds national and international security standards, including strict security policies and practices that set the standard for world-class information security. We continually drive industry best practices in third-party audits and certifications, third-party assessments, and on-site customer reviews.

For information on DocuSign eSignature service capabilities that help you meet specific regulatory requirements, visit our customer compliance page.

Learn how data governance regulations and standards shape DocuSign's security and privacy practices by reading the Data Governance White Paper.

Highlights of DocuSign’s approach

DocuSign’s data governance standards, policies, and procedures are informed by a full range of factors, including:

  • Continuous monitoring of the security and privacy landscape to ensure our approach keeps pace with, and complies with, the latest state, federal, and international requirements
  • Adherence to industry regulations, such as CFR Part 11, Annex 11 (EU), HIPAA, SAFE-BioPharma, and Sarbanes-Oxley
  • A significant investment in maintaining globally recognized certifications and attestations, including enterprise-wide ISO 27001:2013 certification, PCI-DSS, and SOC 1 Type 2 and SOC 2 Type 2 reports
  • Dedicated teams of subject matter experts across privacy, information security, physical security, internal audit, compliance, and supplier risk
  • Customer contractual agreements that provide assurance for data privacy and security