The DocuSign platform – a secure foundation

DocuSign’s advanced platform architecture and security operations are designed to maximize security for data at rest and in transit, and each component of our trusted platform undergoes stringent security review.

Hardware and infrastructure

  • Three geo-dispersed, SOC-certified datacenters
  • Near real-time secure data replication and encrypted archival
  • 365x24x7 onsite security
  • Annual Business Continuity Planning (BCP) and Disaster Recovery (DR) testing
  • Third-party penetration testing

Systems and operations

  • Physically and logically separate networks
  • Two-factor, encrypted VPN access
  • Professional, commercial-grade firewalls and border routers
  • Distributed Denial of Service (DDoS) mitigation
  • Active monitoring and alerting

Applications and access

  • Formal code reviews and vulnerability mitigation by third parties
  • Application-level Advanced Encryption Standard (AES) 256-bit encryption
  • Key management and encryption program
  • Malware protection
  • Digital audit trail
  • Multiple authentication mechanisms

Transmission and storage

  • Subscriber data encrypted in accordance with industry best-practice standards
  • Access and transfer of data to/from DocuSign via HTTPS
  • Anti-tampering controls
  • Signature verification of signing events
  • Unalterable, systematic capture of signing data
  • Digital certificate technology
  • Customer-configurable data retention program

Comprehensive security from start to finish

This foundation delivers end-to-end security to our customers and their data:

  • Confidentiality: customer information stays confidential, including from DocuSign—customer documents and data are private and access is workflow controlled
  • Integrity: each document is assured to be intact and tamper-evident
  • Availability: customers can be confident that DocuSign's service will be available with a robust infrastructure, historically providing an average of 99.99% uptime
  • Authenticity: customers can rely on the authenticity of signers through the multi-faceted verification of signing events
  • Non-repudiation: customer documents are ensured technically and legally and are procedurally unassailable as evidenced by the audit trail and chain of custody available with the DocuSign solution