Security and Compliance
Our mission is to provide foundational security safeguards for your products and data, making trust your most reliable asset.

Security

ISO 27001
As one of the most authoritative and widely applied information security management standards globally, ISO/IEC 27001 is extensively adopted by governments and large enterprises worldwide to establish robust information security frameworks. eSignGlobal has successfully obtained ISO/IEC 27001 certification and established a comprehensive information security management system covering personnel, processes, technology, and the entire data lifecycle, ensuring the continuous security of business operations and information assets.

ISO 27701
ISO/IEC 27701 is an internationally recognized extension standard for privacy information management, providing authoritative guidance for organizations handling personal data in compliance with global privacy requirements. eSignGlobal has obtained ISO/IEC 27701 certification, further strengthening its privacy governance capabilities on top of its information security management and ensuring that personal data processing complies with internationally recognized privacy regulations.

ISO 27018
Designed specifically for public cloud environments, ISO/IEC 27018 sets higher requirements for data protection and transparency for cloud service providers. eSignGlobal has obtained ISO/IEC 27018 certification, ensuring that personal data processing in cloud environments meets internationally recognized high standards and further enhancing the platform's credibility.

Security Whitepaper
Security: The Foundation of Digital Trust

Data Processing Agreement
eSignGlobal has developed and implemented a Data Processing Agreement (DPA) that clearly defines the rules and responsibilities for processing personal data during the provision of electronic signature and related services. This agreement complies with applicable data protection laws such as the GDPR, covering data processing audits, data security measures, data subject rights protection, and compliance mechanisms. It ensures that relevant personal data is processed and transmitted only to the extent necessary for contract fulfillment.

Customer Payment Information
eSignGlobal entrusts all payment processing to secure and reliable third-party companies. Our systems do not process, store, or transmit any payment card data.

Comprehensive Security Framework
The system includes mandatory two-factor authentication (2FA) and enforces complex password policies (including length and character composition requirements), providing a dual layer of protection for account logins.

Authentication
To protect the contents within the envelope, we employ a multi-step verification process. Available verification methods include access codes, SMS verification codes, email verification codes, digital identity verification, and authentication. Recipients can only gain access after successfully completing at least one verification method. This ensures that only authorized individuals can view secure content.
Privacy

Privacy Policy

eSignGlobal's Suppliers
eSignGlobal partners with trusted third-party suppliers that undergo rigorous security and due diligence reviews. A complete list of suppliers is available for review.

GDPR
eSignGlobal complies with GDPR data compliance requirements, including data audits, privacy policy updates, and establishing compliance mechanisms. It may transfer relevant personal data as necessary to fulfill contractual obligations.
Compliance

21 CFR PART 11
eSignGlobal supports life sciences and regulated industry clients in complying with 21 CFR Part 11 by providing robust electronic record and electronic signature controls, including access control, comprehensive audit trails, signature authenticity and enforceability, and data integrity protection.

Legality
Learn about e-signature usage around the world
Global Compliance Legal Research
We conduct in-depth analyses of electronic signature laws and regulations across global markets, systematically interpreting their core requirements for signing workflows, identity verification, and document management to provide clear and reliable legal compliance guidance for your business operations in various regions.

US Electronic Signatures Act and Uniform Electronic Transactions Act
Our platform supports electronic signatures compliant with the US Electronic Signatures Act (ESIGN Act) and the Uniform Electronic Transactions Act (UETA). By ensuring clear signer intent, consent, and secure electronic records, we guarantee that agreements are legally binding. Electronic documents signed on our platform are admissible and enforceable under US law.

eIDAS
Our platform aims to support eIDAS-compliant electronic signature workflows by integrating with over 50 trusted service providers (TSPs). It leverages qualified certificates and compliant trust services to enable AdES and QES signatures, allowing customers to implement eIDAS-compliant electronic signatures across the European Union.

HIPPA
eSignGlobal provides HIPAA compliance support for healthcare and health-related clients by implementing security and privacy controls that meet the HIPAA Security Rule, including access controls, audit logging, encryption, and secure data transmission.

GDPR
eSignGlobal meets GDPR data compliance requirements, including data auditing, privacy policy updates, and establishing compliance mechanisms, enabling the transfer of relevant personal data when necessary for contract fulfillment.

21 CFR PART 11
eSignGlobal supports life sciences and regulated industry clients in complying with 21 CFR Part 11 by providing robust electronic record and electronic signature controls, including access controls, comprehensive audit trails, signature authenticity and binding force, and data integrity protection.






