Geographical recognition

Binding Corporate Rules

DocuSign obtained approval of its applications for Binding Corporate Rules (BCR) as both a data processor and data controller from the European Union Data Protection Authorities. DocuSign’s approved BCR enable lawful cross-border transfers of data through the DocuSign platform and eSignature service. Customers will be able to transact business with increased confidence knowing that they will comply with GDPR data transfer requirements when using DocuSign. Learn more about DocuSign's BCR.

FedRAMP (US Federal Risk and Authorization Management Program)

FedRAMP is a standardized approach for assessing, monitoring, and authorizing cloud computing products and services. DocuSign has an initial Authorization to Operate sponsored by the Federal Communications Commission (FCC) and is listed on the FedRAMP marketplace with a Government Community Cloud deployment model. In August 2017, DocuSign was officially awarded FedRAMP authorization and is listed on the U.S. Federal Government’s FedRAMP marketplace.

FISC (The Center for Financial Industry Information Systems)

The FISC develops security guidelines for information systems, which are followed by most financial institutions in Japan. These include guidelines for security measures to be put in place while creating system architectures, auditing of computer system controls, contingency planning, and developing security policies and procedures. Though compliance with the FISC Security Guidelines isn’t required by regulation nor audited by the FISC, DocuSign elected to become a member of the FISC and implemented internal controls to be compliant with the FISC Security Guidelines. For a detailed description of how DocuSign demonstrates FISC compliance, please contact your account manager.

Compilation of (EU) Member States Notification on SSCDs and QSCDs

This publication lists the signature devices that shall be considered as Qualified Signature Creation Devices (QSCDs) under the eIDAS regulation. DocuSign owns and operates a remote signature device, which is listed in this publication, and is the leading global eSignature solution offering cloud-based eIDAS-compliant electronic signatures.

EU Trusted List

DocuSign France SAS, a DocuSign company, is a trust service provider (TSP) under EU Regulation 910/214 for electronic identification and trust services (eIDAS). As a TSP, DocuSign France provides qualified electronic signatures (QES), qualified time stamps, advanced electronic signatures (AES), and advanced seals recognized by all EU member states. DocuSign France is listed as a qualified TSP in the Trusted List managed by the French IT Security Agency, ANSSI.