Docusign Trust Center

Trust Center

Your source for our latest security &
system performance information

Highest level of certifications and audits

DocuSign meets and exceeds the most stringent US, EU, and global security standards. No other Digital Transaction Management (DTM) company can match the enterprise security and operations investments DocuSign has made—and third-party audit reports back it up. DocuSign is ISO 27001:2013 and SSAE 16, SOC 1 Type 2, SOC 2 Type 2 certified and tested internationally – across the entire company and its data centers.

Learn More

  • TRUSTe Privacy Certification

Security Updates And Alerts

July 19, 2016

Update 7/19/16 – DocuSign and OpenSSL Security Advisory status CVE- 2016-2107 & CVE-2016-2108

Recently there were 2 issues identified with OpenSSL. We have identified all impacted servers and have applied the appropriate patches necessary to remediate these issues within our environment. We have also confirmed that our network perimeter infrastructure is not vulnerable ...

March 1, 2016

Update 3/1/2016 - DROWN

On March 1st, a vulnerability in Secure Sockets Layer (SSL) Version 2 was announced under the name DROWN, which stands for Decrypting RSA with Obsolete and Weakened Encryption.  DROWN is a serious vulnerability that affects HTTPS and other services ...

Security Blog

Security in Email

The number of worldwide email accounts is expected to increase from an installed base of 3.1 billion in 2011 to nearly 4.1 billion by year-end 2015, according to a report by Radicati. Unfortunately some people take advantage of that tremendous volume for malicious purposes. DocuSign relies on the secure DocuSign Global Network to ensure document security. But what about email, which falls outside our carefully maintained network? Here are a few best practices for maintaining the top levels of email security for yourself and your organization.

Maintain an anti-virus and anti-spyware programs and keep them up to date: It’s well worth the effort to keep programs designed to help protect your computer. Popular ones to guard against malicious code include McAfee, Symantec, and Trend Micro along with free versions such as Avira AntiVir, AVG, Avast, BitDefender and Comodo. For spyware concerns, look into Ad Aware SE, Malwarebytes, Spybot Search and Destroy and Windows Defender.

Unsure of a link or attachment? Don’t click it: If you’re not expecting a document to sign, contact the sender by phone or by starting a new email to him or her. You might also use your search engine to see if other people are discussing a scam related to the questionable email you received, before you take action.  Don’t forward live links or click on unknown files as these are common methods cyber crooks use to get at your data.

Disable image previews. Use the setting that lets you decide whether to load images in each email, so you can decide first whether you trust the email and the sender.

Don’t always trust the apparent sender: The bad guys are smart enough to craft their malicious attempts to look, feel and sound like the major businesses that many people interact with regularly and already trust. Never provide sensitive or personal information in email, even if you think it is a legitimate communication. Email is not a secure way to transmit information. Instead, sign into your account on the company’s website and check on any requests there, or contact the company’s customer service department from their website (and not the email you received).

Don’t provide private or sensitive information to unknown parties:  Social engineering is another common method to obtain data that holds value. This can be done in over the phone or in person by someone posing as an interested party intent in obtaining as much personal data as you will freely provide. Unless you can validate the person asking questions as authorized to receive the information, err on the side of caution and don’t provide with further validation.

Download patches and upgrades to your operating system: By scheduling automatic updates, you can update your browser (if you use Windows and Internet Explorer) which may fix security problems and help protect you from viruses and spyware.

At DocuSign, there is no greater priority than the security of our customers’ information, data and documents. To learn more about DocuSign security, please read more on this site. You may also read about why it’s safer to share documents on the DocuSign Global Network.