To demonstrate our commitment to protecting customer data, DocuSign has significantly invested in maintaining certifications in the following regulatory and industry standards.
DocuSign’s prestigious Security Compliance certifications affirm our adherence to globally recognized standards, ensuring the confidentiality, integrity, and availability of information across DocuSign. Our compliance portfolio not only underscores our dedication to cybersecurity but also instills trust in our stakeholders, assuring them that their data is handled with the highest level of diligence and security.
In addition, please also refer to our Global Standards and Guidelines.
DocuSign is ISO 27001:2013, ISO 27017:2015 and ISO 27018:2019 certified, which demonstrates our unwavering commitment to information security and showcases our proactive approach to safeguarding sensitive data.
DocuSign maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), DocuSign places stringent controls around cardholder data as both a service provider and merchant.
DocuSign is listed as a PCI Service Provider on the Visa Global Registry of Service Providers.
SOC 1 Type 2, SOC 2 Type 2
As a SOC 1- and SOC 2-attested organization, DocuSign complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA). We undergo yearly audits across all aspects of our production operations, including our datacenters, and have sustained and surpassed all requirements.
DocuSign has achieved the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processor (PRP) System certification. APEC has established Cross-Border Privacy Rules (CBPR) and Framework to protect the privacy and security of personal information at rest and in transit. Our commitment to APEC-PRP compliance underscores our dedication to upholding the highest standards in data privacy and protection, ensuring that our customers' information is handled with the utmost care and in full accordance with international regulations.
Please search in the APEC Certificate Directory for DocuSign's compliance certificate.
The Information Security Registered Assessors Program (IRAP) is an initiative by the Australian Signals Directorate (ASD). It provides a framework for cybersecurity and risk management that organizations can use to safeguard Australian government data and systems against cyber threats. DocuSign has undergone an assessment and meets the Protected Level requirements, aligning with both the Australian Government Information Security Manual (ISM) controls and the Protective Security Policy Framework (PSPF).
DocuSign adheres to the requirements of the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) assessment. The CSA STAR assessment comprises key principles of transparency, rigorous auditing, and harmonization of standards. Our Consensus Assessments Initiative Questionnaire (CAIQ) documents the rigor and strength of DocuSign’s security posture and best practices and is publicly accessible for viewing and download from the CSA STAR registry.