Security risk appetite varies from organization to organization and depends on both the industry in which the organization operates and the corresponding legal and regulatory requirements. At DocuSign, we understand this. That’s why all our products are researched, designed, and developed with security as a top priority and built with configurable security in mind. Designed to maximize security for data at rest and in transit, the DocuSign Agreement Cloud allows you to configure security settings to match your security risk requirements for accessing, managing, and sharing data. Moreover, each DocuSign product in our trusted platform undergoes stringent security reviews and monitoring to ensure your data remains safe and protected.
For an overview of key security features and practices that protect your documents and data within all DocuSign products, see below.
Hardware and infrastructure
Geo-dispersed, ISO 27001-certified, and SOC-audited datacenters, located across multiple geographic regions
Near real-time secure data replication and encrypted archival
Around-the-clock onsite security with strict physical access control that complies with industry-recognized standards
Annual Business Continuity Planning (BCP) and Disaster Recovery (DR) testing
Professional, commercial-grade firewalls, border routers, and network management systems
Systems and operations
Physically and logically separate networks
Centralized, logical access management system
Two-factor authentication, encrypted VPN access
Distributed Denial of Service (DDoS) mitigation
Active intrusion detection and prevention
Anti-malware software integration that automatically alerts DocuSign’s cyber incident response team if potentially harmful code is detected
Third-party penetration testing
Applications and access
Formal code reviews and vulnerability mitigation by third parties
Application-level Advanced Encryption Standard (AES) 256-bit encryption
Key management and encryption program
Digital audit trail, with a Certificate of Completion that provides non-repudiation for all documents generated and signed using DocuSign
Configurable security features
Multi-factor authentication provides an additional level of assurance that only those authorized to access DocuSign products and associated documents can access them
Role-based authorization for all business transaction types enables you to designate access to specific individuals
Transmission and storage
Subscriber data encrypted in accordance with industry best-practice standards
Access and transfer of data to/from DocuSign via HTTPS
Signature verification of signing events
Unalterable, systematic capture of signing data
Digital certificate technology
Customer-configurable data retention capability
Learn how DocuSign uses transaction data and the "Certificate of Completion."
Comprehensive security from start to finish
This foundation delivers end-to-end security to our customers and their data:
Confidentiality: customer information stays confidential, including from DocuSign—customer documents and data are private and access is workflow controlled.
Integrity: each document is ensured to be both intact and tamper evident.
Availability: DocuSign’s replicated, geo-dispersed infrastructure delivers consistent high availability, providing assurance that our service is there whenever customers need it.
Authenticity: customers can rely on the authenticity of signers through the multi-faceted verification of signing events.
Non-repudiation: customer documents are ensured technically and legally and are procedurally unassailable as evidenced by the audit trail and chain of custody available with the DocuSign solution.
Disclosure: all forms of responsible disclosure are welcomed. This includes any vulnerabilities found in DocuSign products. You can submit your findings through our Vulnerability Disclosure Program. For any other product security-related query, feel free to contact firstname.lastname@example.org.