eSign.AIeSign.AI

Security and Compliance

Our mission is to provide foundational security safeguards for your products and data, making trust your most reliable asset.

safe logo

Security

ISO 27001

As one of the most authoritative and widely applied information security management standards globally, ISO/IEC 27001 is extensively adopted by governments and large enterprises worldwide to establish robust information security frameworks. eSignGlobal has successfully obtained ISO/IEC 27001 certification and established a comprehensive information security management system covering personnel, processes, technology, and the entire data lifecycle, ensuring the continuous security of business operations and information assets.

ISO 27701

ISO/IEC 27701 is an internationally recognized extension standard for privacy information management, providing authoritative guidance for organizations handling personal data in compliance with global privacy requirements. eSignGlobal has obtained ISO/IEC 27701 certification, further strengthening its privacy governance capabilities on top of its information security management and ensuring that personal data processing complies with internationally recognized privacy regulations.

ISO 27018

Designed specifically for public cloud environments, ISO/IEC 27018 sets higher requirements for data protection and transparency for cloud service providers. eSignGlobal has obtained ISO/IEC 27018 certification, ensuring that personal data processing in cloud environments meets internationally recognized high standards and further enhancing the platform's credibility.

Security Whitepaper

Security: The Foundation of Digital Trust

Data Processing Agreement

eSignGlobal has developed and implemented a Data Processing Agreement (DPA) that clearly defines the rules and responsibilities for processing personal data during the provision of electronic signature and related services. This agreement complies with applicable data protection laws such as the GDPR, covering data processing audits, data security measures, data subject rights protection, and compliance mechanisms. It ensures that relevant personal data is processed and transmitted only to the extent necessary for contract fulfillment.

Customer Payment Information

eSignGlobal entrusts all payment processing to secure and reliable third-party companies. Our systems do not process, store, or transmit any payment card data.

Comprehensive Security Framework

The system includes mandatory two-factor authentication (2FA) and enforces complex password policies (including length and character composition requirements), providing a dual layer of protection for account logins.

Authentication

To protect the contents within the envelope, we employ a multi-step verification process. Available verification methods include access codes, SMS verification codes, email verification codes, digital identity verification, and authentication. Recipients can only gain access after successfully completing at least one verification method. This ensures that only authorized individuals can view secure content.

Privacy

Privacy Policy

eSignGlobal's Suppliers

eSignGlobal partners with trusted third-party suppliers that undergo rigorous security and due diligence reviews. A complete list of suppliers is available for review.

GDPR

eSignGlobal complies with GDPR data compliance requirements, including data audits, privacy policy updates, and establishing compliance mechanisms. It may transfer relevant personal data as necessary to fulfill contractual obligations.

Compliance

21 CFR PART 11

eSignGlobal supports life sciences and regulated industry clients in complying with 21 CFR Part 11 by providing robust electronic record and electronic signature controls, including access control, comprehensive audit trails, signature authenticity and enforceability, and data integrity protection.

Legality

Learn about e-signature usage around the world

Global Compliance Legal Research

We conduct in-depth analyses of electronic signature laws and regulations across global markets, systematically interpreting their core requirements for signing workflows, identity verification, and document management to provide clear and reliable legal compliance guidance for your business operations in various regions.

US Electronic Signatures Act and Uniform Electronic Transactions Act

Our platform supports electronic signatures compliant with the US Electronic Signatures Act (ESIGN Act) and the Uniform Electronic Transactions Act (UETA). By ensuring clear signer intent, consent, and secure electronic records, we guarantee that agreements are legally binding. Electronic documents signed on our platform are admissible and enforceable under US law.

eIDAS

Our platform aims to support eIDAS-compliant electronic signature workflows by integrating with over 50 trusted service providers (TSPs). It leverages qualified certificates and compliant trust services to enable AdES and QES signatures, allowing customers to implement eIDAS-compliant electronic signatures across the European Union.

HIPPA

eSignGlobal provides HIPAA compliance support for healthcare and health-related clients by implementing security and privacy controls that meet the HIPAA Security Rule, including access controls, audit logging, encryption, and secure data transmission.

GDPR

eSignGlobal meets GDPR data compliance requirements, including data auditing, privacy policy updates, and establishing compliance mechanisms, enabling the transfer of relevant personal data when necessary for contract fulfillment.

21 CFR PART 11

eSignGlobal supports life sciences and regulated industry clients in complying with 21 CFR Part 11 by providing robust electronic record and electronic signature controls, including access controls, comprehensive audit trails, signature authenticity and binding force, and data integrity protection.

Frequently Asked Questions
Can't find what you're looking for? Please contact us.