To demonstrate our commitment to protecting customer data, DocuSign has significantly invested in maintaining certifications in the following regulatory and industry standards.


ISO 27001:2013

DocuSign is ISO 27001:2013 certified. This is the highest level of global information security assurance available today, and provides customers assurance that DocuSign meets stringent international standards on security.


SOC 1 Type 2, SOC 2 Type 2

As a SOC 1 and SOC 2-certified organization, DocuSign complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA). We undergo yearly audits across all aspects of our production operations, including our datacenters, and have sustained and surpassed all requirements.


xDTM Standard

The first standard of its kind to focus on digital transaction management, the xDTM Standard was developed to raise the bar on quality and promote more trust and confidence in conducting business transactions online. The standard ensures that digital transactions are protected yet accessible, regardless of where parties reside or the devices used. DocuSign is certified compliant with the xDTM Standard.



DocuSign maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), DocuSign places stringent controls around cardholder data as both a service provider and merchant. DocuSign is listed as a PCI Service Provider on the Visa Global Registry of Service Providers.



With Skyhigh's CloudTrust program, DocuSign fully satisfies the most stringent requirements for data protection, identity verification, and security controls based on detailed criteria developed in conjunction with the Cloud Security Alliance (CSA).
