Docusign Trust Center

Trust Center

Your source for our latest security &
system performance information

Meeting the most rigorous security standards in the world

DocuSign meets and exceeds some of the most stringent US, EU, and global security standards. DocuSign's commitment to and significant ongoing investment toward protecting customer data extends to all of DocuSign's operating environments, not just the core DocuSign Signature service itself —and third-party audit reports back it up. DocuSign is ISO 27001:2013 and SSAE 16, SOC 1 Type 2, SOC 2 Type 2 certified and tested internationally – across the entire company and its data centers.

Learn More

  • TRUSTe Privacy Certification

Security Updates And AlertsStay Informed @askDocusign on Twitter

Sept. 14, 2017

Update 9/14/2017 @ 11:00 AM Pacific Time – New Phishing Campaign Observed Today

DocuSign has observed a new phishing campaign that began the morning of September 14th targeting individuals in the APAC region. The email comes from "Stephanie Riches via DocuSign” (note, this name is subject to change) using the email address dse_na2 ...

Sept. 8, 2017

Update 9/6/2017 – DocuSign and Apache Struts Security Alert Status

Apache issued a security alert on September 5, 2017 for Struts, an open source framework for creating Java web applications.  The component performs unsafe deserialization and could lead to a remote code execution vulnerability. 

DocuSign does not use Apache Struts ...

Sept. 6, 2017

Update 9/6/2017 @ 8:41 AM Pacific Time – New Phishing Campaign Observed Today

DocuSign has observed a new phishing campaign that began the morning of September 6th (Pacific Time). The email comes from "Warner Amann via DocuSign” (note, this name is subject to change) using the email address docusign@fmelaw.com. The email ...