DocuSign eSignature service capabilities that support customer compliance
If your organization is subject to a range of specific regulatory requirements, the DocuSign eSignature service can serve as a key component for meeting your compliance obligations. DocuSign’s technology platform is highly configurable and flexible, which enables it to meet specialized requirements in areas such as life sciences, banking, finance and securities, medical privacy, real estate, and more.
DocuSign provides a versatile set of services, both with the DocuSign eSignature platform and through the delivery of customer-focused operational programs, for customers who are subject to the strictest of regulatory compliance requirements.
Flexible configuration options
The DocuSign eSignature service is part of a family of global solutions offered by DocuSign that recognize locally designed regulations around the world.
Similar to DocuSign’s other offerings, the service provides customers with a broad range of configurable parameters that enable customers to enforce policies and requirements applicable to their particular circumstances. These configurable capabilities span areas such as:
User authentication and user accounts
Enforcing specialized signing requirements
Specific restrictions or privileges for viewing, downloading, and offline data access
Other customer-implementable controls that ensure the authenticity and integrity of records and signatures, from the point of creation to the point of receipt
Maintaining configured account settings
Configuring account settings on the DocuSign eSignature service and maintaining them to ensure adherence to a specific regulatory requirement is critical for customers relying on specific workflows or the enforcement of particular policies as part of their compliance. DocuSign can work with a customer’s account administrator to make any necessary changes to the account settings to accomplish this.
This type of request is handled via a signed Account Change Request (“ACR”) between the customer and DocuSign to specify configuration changes. The ACR can serve as a process control to help a customer determine if a setting change may affect compliance, thus reducing the risk of legal implications for both customers and DocuSign.
For customers who require digital signatures as part of conducting business in certain countries or industries, DocuSign:
Supports Public Key Infrastructure (PKI)-based digital signatures that utilize digital certificates to verify identity
Delivers the various signature types defined under eIDAS, including EU Advanced Electronic Signatures (AES) and EU Qualified Electronic Signatures (QES)
Offers digital signature capabilities that align to FDA 21 CFR part 11, in the US
User guides and administrator documents on DocuSign’s publicly available site provide greater detail about these options.
Appropriate authentication of a signer prior to signing decreases the risk of fraudulent transactions due to identity theft and improves data privacy. Use of stronger authentication or multiple layers of authentication lowers the risk of contract repudiation.
The DocuSign eSignature service provides customers with a range of authentication options, so they can align the level of signer authentication to the sensitivity of their eDocument. The authentication methods supported by the DocuSign eSignature service range from confirming IP addresses to using authentication codes sent by SMS to the use of knowledge bases to validate identity. See more detail on the authentication capabilities of the DocuSign eSignature service in the product features area.
Rigorous internal and third-party audit reports
Regulated industries may have specific requirements for the use of electronic signatures and electronic records with respect to how they are created, modified, maintained, archived, retrieved, transmitted, or submitted.
As a part of demonstrating their own compliance, a DocuSign customer can leverage DocuSign’s audit reports to demonstrate how DocuSign is meeting its performance obligations to its customer, relevant to a particular regulation. This may include areas such as service features, DocuSign’s adherence to company policies, or employee training requirements. More information about DocuSign’s audit and compliance attestations is provided on the Trust Center under Certifications.
Built-in electronic record and signature disclosure capability
The DocuSign eSignature service includes an Electronic Record and Signature Disclosure (ERSD) template, sometimes referred to as the Consumer Disclosure. Customers may use this feature to obtain a consumer’s consent to receive notices and disclosures electronically, as may be required under the US ESIGN Act (“ESIGN Act”) in certain situations.
The default ERSD includes language intended to address typical needs in an ERSD, such as:
Describing the range of notices to be provided electronically
Terms and conditions for providing electronic notices and disclosures
How consumers may withdraw their consent
The ERSD is also turned on by default and all new recipient signers are presented with the ERSD as a first action when they arrive at the DocuSign eSignature service. Customer administrators may set a range of options to configure the ERSD and also upload their own ERSD. See ERSD capabilities for additional information and Built-in ERSD for a copy of the default ERSD that comes with the DocuSign eSignature service.
How DocuSign can help
See DocuSign’s solutions for industries and departments to learn more about how DocuSign helps customers meet their compliance needs across a range of industries
In addition, DocuSign can partner with customers to help meet compliance needs. Customers should have a clear understanding of their specific compliance requirements or use cases that represent regulations to which they must adhere. Specialized DocuSign resources in legal, product, and customer operations can review specialized capabilities offered by DocuSign. Please contact Sales for more information.
Learn more about DocuSign security and privacy practices relevant to compliance in the Data Governance White Paper.