Geographical recognition

Binding Corporate Rules

DocuSign obtained approval of its applications for Binding Corporate Rules (BCR) as both a data processor and data controller from the European Union Data Protection Authorities. DocuSign’s approved BCR enable lawful cross-border transfers of data through the DocuSign platform and eSignature service. Customers will be able to transact business with increased confidence knowing that they will comply with GDPR data transfer requirements when using DocuSign. Learn more about DocuSign's BCR.

FedRAMP (US Federal Risk and Authorization Management Program)

FedRAMP is a standardized approach for assessing, monitoring, and authorizing cloud computing products and services. DocuSign has an initial Authorization to Operate sponsored by the Federal Communications Commission (FCC) and is listed on the FedRAMP marketplace with a Government Community Cloud deployment model. In August 2017, DocuSign was officially awarded FedRAMP authorization and is listed on the U.S. Federal Government’s FedRAMP marketplace.

FISC (The Center for Financial Industry Information Systems)

The FISC develops security guidelines for information systems, which are followed by most financial institutions in Japan. These include guidelines for security measures to be put in place while creating system architectures, auditing of computer system controls, contingency planning, and developing security policies and procedures. Though compliance with the FISC Security Guidelines isn’t required by regulation nor audited by the FISC, DocuSign elected to become a member of the FISC and implemented internal controls to be compliant with the FISC Security Guidelines. For a detailed description of how DocuSign demonstrates FISC compliance, please contact your account manager.

Compilation of (EU) Member States Notification on SSCDs and QSCDs

This publication lists the signature devices that shall be considered as Qualified Signature Creation Devices (QSCDs) under the eIDAS regulation. DocuSign owns and operates a remote signature device, which is listed in this publication, and is the leading global eSignature solution offering cloud-based eIDAS-compliant electronic signatures.

EU Trusted List

According to the eIDAS Regulation, EU Member States must publish lists of trust service providers (TSPs) and the qualified trust services they provide. Only TSPs that are on a Member State’s Trust List are considered qualified and can offer their qualified trust services in all of the EU.