Whitepaper: Best Practices for Electronic Document Management and Security
Security is always top of mind at DocuSign, just as it is for
many of our customers. DocuSign is committed to the
secure signing and retention of electronic documents.
Here are industry best practices to protect your documents
and the information you exchange with others:
Share data wisely
The information you share via a smart phone, tablet, laptop, or
desktop has tremendous value—and that makes it an attractive
target for many people, including businesses, competitors, criminals
and even countries conducting industrial espionage. Information
posted to the public internet is catalogued and referenced by
search engines, making it easy for everyone and anyone to find.
Documents can be copied, posted elsewhere, linked and even altered
by others.
What to do:
degree that you want your own information protected.
you do not want exposed or exploited.
valuable when aggregated with other data, causing exposure about
you, your organization, or a third party.
Manage documents with care
Only make documents public if that is your intent. Once publicly
posted, your information is visible to viewers, collectable by digital
tools and search engines, and may be sold or traded by hackers,
countries and organized crime.
What to do:
extractable, and the information available to be repurposed. While
this does not in and of itself protect the data, it conveys that the
information is intended to be consumed by a wide audience.
exchanging and encourage them to label and safeguard data as a
matter of habit.
consumption.
Require authentication
If you want to restrict the information to only those authorized to
access it over the Internet, make it difficult for people to readily access
industry-standard practice, as is tracking who has accessed information
and documents via authentication.
What to do:
measures to ensure that the people accessing your data are authorized
to do so. The stronger and more complex the authentication, the
greater the protection provided.
and should be a hash or encrypted value that is not stored as a clear-
text password that can be stolen and re-used to impersonate you.
data and monitor those audit trails to ensure only proper access is
being granted.
verify that only authorized people are accessing the documents.
Layer security controls
layers of security, which increases the difficulty for non-authorized
ways to stop “the bad guys.”
What to do:
encrypted.
for sensitive information such as a digital access code that can be sent
to the person directly over other forms of communication, such as
phone or text.
to maintain control over the transaction.
certificates. Be aware of rogue sites that attempt to impersonate
having you enter your authentication data or obtain other private
information.
About DocuSign
DocuSign® is the global standard for electronic signature®. DocuSign accelerates transactions to increase speed to results, reduce costs, and delight
customers with the easiest, fastest, most secure global network for sending, signing, tracking, and storing documents in the cloud.
866.219.4318 | docusign.com
+44 (0) 800 098 8113 |
can perform actions on computers by capturing and sending out
information and negatively impacting the integrity of your data
without your ready knowledge.
available systems holding data without industry-standard controls,
such as two-factor encrypted authentication to validate the remote
access.
monitor a network and alert personnel about potential unauthorized
access attempts.
research and development, financial data, and personally identifiable
need to be protected with specific security controls and behind
firewalls configured to further restrict access.
Beware of live document links
Internet technology makes it possible to access documents over the
public documents, these links can also lend themselves towards
unintended data exposure if they are used for documents that are
private or confidential.
What to do:
documents are private or confidential.
or further validate the link as legitimate.
confidential information by merely selecting the link, inform the
secure authentication.
Protect the copy of record
If you rely on the integrity of a singular copy of record, ensure that
you have confidence in a reliable version that can be validated so
you can answer any challenge to the copy of record.
What to do:
validates the integrity of the document after each interaction.
for data entry and signature in an order that provides visibility
conduct business faster and with greater satisfaction from all involved
parties.
and transacted with the document. Digital audit trails denote
accountable actions with the data.
provides anti-tampering controls so that only where specified, data
can be entered and validated by the signing parties.
and anti-tampering mechanisms designed into the service. DocuSign
is designed with these controls essential to our eSignature service.
Secure archival storage
their lifecycle while still allowing them to be viewed and transacted
by authorized parties is essential to providing trust, reliability and
business efficiency.
What to do:
insecure protocol where control over the document is unmanaged.
process within their secure repository to validate the integrity of the
document, manage version control of the document, and ensure
oversight of the process by the document sender.
that exposes the data to various personnel. Documents stored with
application level of encryption provide confidentiality and assurance.
While this is a significant engineering effort and is rarely provided,
DocuSign designed and provides this essential layer of protection for
our customers. This ensures that no unauthorized parties, including
system administrators, can view documents.
should also provide tools for you to manage the documents you
create and name to manage and store documents over time.
Computing device security
access your data becomes more available and transportable. It is not
uncommon for people to access documents from a variety of places.
This enables us to conduct our lives and business more efficiently
by design, but it also introduces exposures and recommendations
to apply awareness and diligence around your mobile computing
activities:
What to do:
are left behind in restaurants, taxis, and even airports and they
protect smart phone devices with the default setting at one minute
or less.
secure authentication to online sites where private or confidential
to prevent impersonation, fraud, and identity theft.
and hard to deduce, and never share your credentials with others.
your digital data resides and how it is protected.
Choose business partners with security certifications
global standards. DocuSign is the only eSignature provider that
datacenters.
noted exceptions across all aspects of our enterprise business and
environmental, and security access controls.
What to do:
related certifications they have received, and ask to see the reports.
consistency of the business partner in protecting your information to
ensure they align with industry standards.
variety of auditors helps to ensure that a wide range of testing and
Store your signed documents in DocuSign
The cost of implementing industry standard security controls can be
people transact personal and professional business electronically, the
more economical a certified third party service becomes to ensure
the highest levels of protection for your data.
access by all signing parties.
have a guaranteed copy of record and an ongoing digital audit trail
to validate who has viewed and signed your documents up to and
including the most recent activity on those documents.
the latest best practices can reduce risk and give you peace of mind
that your data and documents are protected to the highest means
possible.