Security overview

Security overview

DocuSign’s enterprise information security program is an integral part of our global operations. In fact, information security is in our DNA and engrained in our people, processes, and technologies.

Our approach is simple: every employee is responsible for information security, including protecting:

  • DocuSign-owned information assets
  • Customer and partner information assets
  • The underlying technology infrastructure generated, processed, and stored in DocuSign environments

We further ensure the safety of customer data by restricting employee access to the DocuSign production environment to only ongoing maintenance activities. Employees with this access undergo additional information security training. 

As an agreement cloud company, we’ve also invested heavily in:

  • Maintaining and growing our threat intelligence and cybersecurity capabilities
  • Building a dedicated compliance team who provides independent assurance that our enterprise information security program meets or exceeds national and international security standards and follows industry best practices
  • Supporting employees across all the information security domains with dedicated subject matter experts

Moreover, our program is subject to annual independent audits for compliance and industry standards certifications, ensuring that our program not only meets but exceeds the most stringent of security requirements.

Security resources

Learn more about DocuSign’s security activities with these resources:

DocuSign’s security program

People

Everyone at DocuSign, from the facilities staff to the executive team, is committed to security excellence. A cross-functional team of experts is devoted to security-related activities.

Processes

All business processes, including internal policies, the Software Development Lifecycle, and platform monitoring, consider the security of our customer data.

Platform

DocuSign’s advanced platform architecture and security operations are designed to maximize security for data at rest and in transit, and each component of our trusted platform undergoes stringent security review. For more details on our platform and the benefits of comprehensive security from start to finish, visit platform security.  

Participants

We consider the senders, signers, partners, and developers who interact with our system a part of our security scope. We offer them a high degree of security assurance while taking steps to protect ourselves from any threats they might present.