DocuSign Digital Transaction Management Capabilities and xDTM Standard V1.0 Certification

Introduction

Today, DocuSign has over 225,000 customers and 85 million users, who generate nearly 950,000 Digital Transaction Management (DTM) transactions per day – and growing.

DocuSign is a leader in DTM, both as a global provider of DTM solutions and as a participant in xDTM.org, a cross-industry standards organization that helps companies accelerate their transition to digital transactions and workflows – safely, securely, and with a strong return on their investment.

DocuSign is certified for the xDTM Standard, Version 1.0, the first of its kind to focus specifically on the quality and reliability of digital transactions. In this white paper, DocuSign's capabilities, policies, and technologies are presented within the context of the eight requirement areas of the xDTM Standard:

• Security
• Assurance
• Privacy
• Validity
• Availability
• Scalability
• Interoperability
• Universality

DocuSign's Digital Transaction Management Solution and the xDTM Standard

With DocuSign, you can make any decision, agreement, or approval process 100-percent digital end-to-end. You can also be assured that your digital transactions will be safe, secure, and executed reliably, because DocuSign meets and exceeds the requirements set forth by the xDTM Standard.

Summary of DocuSign's Adherence to xDTM Standard Requirements

Security: DocuSign delivers world-class security and meets or exceeds U.S. and international security standards.

Assurance: DocuSign warrants its compliance to the US ESIGN Act and complies with applicable laws, regulations, and industry standards around the world.

Privacy: DocuSign business and technology measures ensure customer privacy and the protection of proprietary customer information and data.

Validity: The DocuSign platform provides an audit trail, chain of custody, tamper-evident seals, and other measures to assure the validity of transactions executed on the platform.

Availability: DocuSign has maintained more than 99.99% average availability over the past 5 years and doesn't schedule any downtime maintenance.

Scalability: DocuSign undertakes robust capacity planning to provide resilient system performance and ensure scalability for future growth.

Universality: With DocuSign, users can conduct business globally via an app or their platform of choice – while both connected and offline.

Interoperability: With platform APIs, a mobile SDK, out-of-the-box integrations, and a rich partner ecosystem, DocuSign integrates with a choice of solutions.

xDTM White Paper

Table of Contents

Security ... 1
Assurance ... 8
Privacy ... 10
Validity ... 13
Availability ... 16
Scalability ... 19
Universality ... 19
Interoperability ... 21

DocuSign Confidential, issued under NDA only. Copyright © 2016 DocuSign, Inc. All rights reserved. DocuSign, the DocuSign logo, "The Global Standard for Digital Transaction Management" are trademarks or registered trademarks of DocuSign, Inc. in the United States and/or other countries. For a list of DocuSign's trademarks, please see www.docusign.com/IP. All other trademarks and registered trademarks are the property of their respective holders.

Security

DocuSign delivers world-class security and meets or exceeds U.S. and international security standards. DocuSign is ISO/IEC 27001:2013 and xDTM certified, as well as SSAE 16, SOC 1 Type 2, SOC 2 Type 2 examined and tested across the entire company.

In particular, DocuSign's organization-wide commitment to security is reflected in the scope of its ISO/IEC 27001:2013 compliance, which includes all 114 controls.

"The Information Security Management of DocuSign's electronic signature and enterprise support services, including Product Development, Engineering, Quality Assurance, Operations, Security, BCP/DR, Legal, Human Resources, IT, Customer Service, and the Datacenters, delivers a secure infrastructure and resilient environment. This is in accordance with the ISO/IEC 27001:2013 Statement of Applicability vers. 2.2 9/24/2014" (Certificate issued by British Standards Institute).

Security technology at DocuSign spans encryption, system monitoring, penetration testing, environmental segmentation, data center security, robust authentication and encryption key management practices, and proactive monitoring of potential security threats. DocuSign security technology and policies, as they relate to the xDTM Standard requirements, are described below:

xDTM Standard Requirement / How DocuSign Delivers World-Class Security

1. Sensitive customer data, encrypted or tokenized at rest or in transit, adheres to a referable standard, such as NIST, ISO, or equivalent.

• No DocuSign employee, vendor, or contractor has access or visibility into customer documents within a DocuSign envelope. This includes envelopes resident on the DocuSign service, as well as envelopes the customer has transferred from the service.

• DocuSign maintains an Information Classification Policy to assure the security and protection of proprietary customer information and data. The policy defines classifications – such as Secret, Restricted, Internal, and Public – that specify the required security and handling of data. For example, customer documents in the production environment are classified as Secret and protected through systemic encryption, while customer recipient information utilized to route envelopes for signing is classified as Restricted, with access limited to customer service staff only.

• As noted above, only transactional data surrounding envelopes is permitted to be accessed – such as user name, email address, phone number, address, and envelope metadata – and is limited to customer validation, customer service, support, and similar purposes. Only DocuSign employees with a demonstrated need to know and specific job responsibilities may have access. As an additional safeguard, DocuSign tier-1 customer support is ISO 27001:2013 certified.

• DocuSign encrypts data end-to-end on its systems to ensure that data is secure while both in transit and at rest. In transit, DocuSign relies on TLS protocols using strong cipher suites (including 256-bit keys). For data at rest, DocuSign utilizes Advanced Encryption Standard (AES) 256-bit encryption with multiple layers of encryption keys.

• DocuSign stores two primary kinds of information on behalf of users:
  o Transactional metadata (who sent what, when, and to whom), stored in an authenticated SQL Server on an isolated back-end network (BEN) with Transport Layer Security (TLS) encryption.
  o Customer documents inside DocuSign envelopes, stored using Binary Large Object (BLOB) with AES 256-bit encryption.

• During replication, data is encrypted at AES 256-bit encryption with multiple layers of encryption keys and is replicated via private fiber to secure data centers, physically segregated from DocuSign's corporate networks (see Security: Section 6).

Please see Figure 1: DocuSign's Network Architecture

2. Secure segmentation or containment of data is provided.

• DocuSign maintains physically and logically separate networks for its electronic signature production service and corporate business systems. Any service not specifically allowed on DocuSign's networks is disallowed, and no customer data is used during development or testing.

• Within the production network, DocuSign maintains a formal secure segmentation program. Separate managed environments exist for development, quality assurance, pre-deployment staging, customer development, demonstration, and customer production.

• The secure segmentation program includes a demilitarized zone (DMZ) structure composed of a pair of firewalls separating the production Web and application hosts from direct Internet exposure. It also includes an internal firewall separating the DMZ servers from direct access to related storage data.

• The front-end firewall filters traffic that enters a data center, and traffic passes through a back-end firewall before reaching the BEN storage.

• As part of its multitenant architecture, all envelope and encrypted document data is keyed to its associated customer account using unique account and user identifiers.

• Every six months, DocuSign authorizes a third-party review of corporate and production firewalls.

• DocuSign maintains a third-party security assessment program and conducts security assessments against business partners important to DocuSign's service.

Please see Figure 1: DocuSign's Network Architecture

Figure 1: DocuSign Network Architecture – Customer Data Is Encrypted at All Times

3. Standards-based encryption key management is offered (ISO, NIST, or equivalent).

Standards-Based Encryption Key Management

• DocuSign maintains an encryption key management system that is certified and examined under ISO 27001:2013, PCI DSS, and SSAE.

• A qualified third-party audit firm validates and tests DocuSign's key management methodology, which is reported annually in DocuSign's SSAE 16 report.

Comprehensive Technical Measures for Key Security

• DocuSign BLOBs are encrypted using a randomly assigned 256-bit key from a DocuSign Encryption Key Manager.

• No one person maintains the full encryption key to decrypt customer data.

• Keys in the DocuSign Encryption Key Manager are protected by a Database Master Key and an Operations Master Key, both of which must be present to access the document encryption key. This methodology results in a double-blind encryption key process as a further security measure (see Strict Segregation of Duties below).

• There are 1,000 active encryption keys at any point in time, with keys rotated quarterly.

• Key rotation process:
  o A purpose-built tool consumes keys from both the database credentials and the Operations Master Key on a quarterly basis.
  o The system generates 1,000 new encryption keys and uses them to encrypt all new documents that enter the system. All previous key batches remain to decrypt existing documents.

Strict Segregation of Duties

DocuSign enforces segregation of key custodianship duties to ensure customer data remains safe.

• Two different teams manage the two sets of keys that must be present together to access the document encryption key (Operations Master Key and Database Master Key).

• A member of each team is required in order to gain access to the document encryption keys. The technical operations team never has access to the Database Master Key, and the database team never has access to the Operations Master Key.

• As a further segregation measure, DocuSign personnel in trusted roles within the key management process don't have system accounts. Their role is limited to only providing authorizations during an emergency event.

Please see Figure 2: Multilayered Protection of Encryption Keys

Figure 2: Multi-layered Protection of Encryption Keys
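The key hierarchy described under requirement 3 and Strict Segregation of Duties, as an added model that is not DocuSign's code: document keys are issued in batches of 1,000, a quarterly rotation adds a batch without discarding earlier ones, and a document key can only be released when both the Database Master Key and the Operations Master Key are supplied. AES-256 is replaced by an HMAC-SHA256 keystream so the block runs on the standard library alone; that stand-in, the key-wrapping layout and all names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple

KEYS_PER_BATCH = 1000   # the paper: 1,000 active keys at any point in time
KEY_BYTES = 32          # 256-bit keys


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for AES-256: HMAC-SHA256 run in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def kek_from_masters(db_master_key: bytes, ops_master_key: bytes) -> bytes:
    """Key-encryption key that exists only while BOTH master keys are present."""
    return hashlib.sha256(b"kek|" + db_master_key + b"|" + ops_master_key).digest()


class Wrapped(NamedTuple):
    nonce: bytes
    ct: bytes
    tag: bytes      # lets unwrap detect a wrong or missing master key


class Record(NamedTuple):
    batch: int      # which quarterly batch the document key belongs to
    index: int      # which of the 1,000 keys in that batch
    nonce: bytes
    ct: bytes


def _wrap(kek: bytes, raw_key: bytes) -> Wrapped:
    nonce = secrets.token_bytes(16)
    ct = _xor(raw_key, _keystream(kek, nonce, KEY_BYTES))
    return Wrapped(nonce, ct, hmac.new(kek, nonce + ct, hashlib.sha256).digest())


def _unwrap(kek: bytes, w: Wrapped) -> bytes:
    expected = hmac.new(kek, w.nonce + w.ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, w.tag):
        raise PermissionError("both master keys are required to release a document key")
    return _xor(w.ct, _keystream(kek, w.nonce, KEY_BYTES))


class EncryptionKeyManager:
    """Stores only wrapped document keys; never holds the KEK or either master key."""

    def __init__(self):
        self.batches = []   # batches[i] is the list of wrapped keys generated in quarter i

    def rotate(self, db_mk: bytes, ops_mk: bytes) -> int:
        """Quarterly rotation: add a batch of 1,000 new keys; earlier batches are kept."""
        kek = kek_from_masters(db_mk, ops_mk)
        self.batches.append([_wrap(kek, secrets.token_bytes(KEY_BYTES))
                             for _ in range(KEYS_PER_BATCH)])
        return len(self.batches) - 1

    def encrypt(self, db_mk: bytes, ops_mk: bytes, plaintext: bytes) -> Record:
        """New documents use a randomly assigned key from the newest batch only."""
        batch, index = len(self.batches) - 1, secrets.randbelow(KEYS_PER_BATCH)
        key = _unwrap(kek_from_masters(db_mk, ops_mk), self.batches[batch][index])
        nonce = secrets.token_bytes(16)
        return Record(batch, index, nonce, _xor(plaintext, _keystream(key, nonce, len(plaintext))))

    def decrypt(self, db_mk: bytes, ops_mk: bytes, rec: Record) -> bytes:
        """Older documents stay readable because their batch is never discarded."""
        key = _unwrap(kek_from_masters(db_mk, ops_mk), self.batches[rec.batch][rec.index])
        return _xor(rec.ct, _keystream(key, rec.nonce, len(rec.ct)))


def demo() -> dict:
    """Encrypt, rotate, decrypt the older document, and refuse a single master key."""
    db_mk, ops_mk = secrets.token_bytes(32), secrets.token_bytes(32)  # two teams, two keys
    km = EncryptionKeyManager()
    km.rotate(db_mk, ops_mk)                                # quarter 0 batch
    old = km.encrypt(db_mk, ops_mk, b"signed agreement")
    km.rotate(db_mk, ops_mk)                                # quarter 1 batch
    new = km.encrypt(db_mk, ops_mk, b"newer agreement")
    try:
        km.decrypt(db_mk, b"\x00" * 32, old)                # database team without the Ops key
        lone_key_refused = False
    except PermissionError:
        lone_key_refused = True
    return {"old_doc": km.decrypt(db_mk, ops_mk, old), "old_batch": old.batch,
            "new_batch": new.batch, "active_keys": len(km.batches[-1]),
            "lone_key_refused": lone_key_refused}
```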

4. Standards-based encryption key management is offered, including the ability for customers to hold encryption keys.

For customers who may be required or choose to directly manage their encryption keys, DocuSign offers a Security Appliance.

• The DocuSign Security Appliance offloads the key storage and release policies from the DocuSign cloud onto a customer's private network, while also allowing them full use of the DocuSign platform.

• The physical and logical separation of cloud-based data and customer-retained encryption keys is designed to address customer scenarios where the highest level of security is required.

The DocuSign Security Appliance follows cloud security best practices for high-security implementations, as recommended by the Cloud Security Alliance.

5. The company performs periodic penetration testing by qualified third parties.

• DocuSign is ISO 27001:2013 certified and PCI DSS compliant, with annual penetration testing conducted against both the DocuSign application and its infrastructure by credentialed, industry-recognized organizations.

• The testing scope includes phases such as architectural review, security assessment, and execution of attacks against the DocuSign external and internal network infrastructure.

• Penetration testing includes validation of anti-tampering controls.

Actionable test findings become inputs into a remediation and response plan, where they're assigned a severity rating and tracked to closure.

6. Standard-based security systems at data centers (ISO or equivalent) are utilized.

Comprehensive Standards-Based Data Center Security

• DocuSign uses data centers that are ISO 27001:2013, PCI DSS, and SSAE 16 certified.

• DocuSign maintains strong physical, environmental, and security access controls for its data centers, and these policies are ISO 27001:2013, PCI DSS, and SSAE 16 certified.

• Data centers employ measures such as 7x24x365 guards, mantraps, keyed access to DocuSign cages, and CCTV.

Stringent Access Control

• Data center access is authorized by DocuSign's director of technical operations and includes notification to the security management team.

• DocuSign tracks access to the data center, with visitor logs reviewed daily and kept for 90 days.

7. Multifactor authentication methods are deployed and documented.

Secure Access to Critical Environments

• DocuSign employs internal tools and controls to manage access to applications containing or retrieving sensitive or critical data sources. This includes internal access to the production environment as well as access to the administrative panel of the DocuSign service, which is used by DocuSign personnel to configure customer implementations.

• Access is restricted to designated personnel and connectivity utilizes a two-factor authorized VPN tunnel. Encryption is AES 256-bit, and two-factor authentication utilizes Active Directory credentials plus a soft token requiring a PIN and token code.

Auditing of Users

• DocuSign captures and correlates logged events in real time from systems and devices to both the operations and security teams. Examples include:
  o Identity of persons accessing the system; successful/unsuccessful login attempts
  o Additions, deletions, and modifications to user accounts/privileges
  o Switching of IDs during an online session
  o Attempts to perform unauthorized functions or access data that is unauthorized
  o Source of connection and system-level events.

• DocuSign maintains an authorization chain for employee access that requires management approval commensurate to the sensitivity of applications and data sources. Access is reviewed at least quarterly to verify that access levels are appropriate.

In an initial configuration and provision, DocuSign staff configure some security-related settings, with customer permission. The administration interface provides an audit log of settings made to the account and by whom, enabling customers to see a record of changes.
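The audit events listed above are the raw material for correlation; here is an added example, not DocuSign's SIEM content, that applies four of those rules (repeated failed logins, switching of IDs within a session, privilege changes, and denied function calls) to a constructed log feed. The line format and field names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed log line format: "HH:MM:SS event key=value ..." (an assumption for
# this example, not DocuSign's log schema).
LOG_RE = re.compile(r"(?P<ts>\d{2}:\d{2}:\d{2}) (?P<event>\w+) (?P<kv>.*)")

# Constructed sample feed: one admin-panel session, six events.
SAMPLE_LOG = """\
09:00:01 login user=alice src=10.1.2.3 session=S1 result=fail
09:00:05 login user=alice src=10.1.2.3 session=S1 result=fail
09:00:09 login user=alice src=10.1.2.3 session=S1 result=fail
09:00:14 login user=alice src=10.1.2.3 session=S1 result=success
09:03:40 priv_change user=alice session=S1 target=bob action=add_role role=admin
09:05:02 action user=carol src=10.1.2.3 session=S1 function=export_envelopes result=denied
"""


def parse(line):
    """Turn one line into a dict; returns None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = {"ts": m["ts"], "event": m["event"]}
    ev.update(kv.split("=", 1) for kv in m["kv"].split())
    return ev


def correlate(lines, fail_threshold=3):
    """Apply the four audit rules to an event stream; returns (rule, subject, detail) tuples."""
    alerts = []
    failed_logins = defaultdict(int)   # user -> consecutive failed attempts
    session_user = {}                  # session id -> user first seen on that session
    for ev in filter(None, map(parse, lines)):
        user, sid = ev["user"], ev.get("session")
        # Rule 1: a successful login after repeated unsuccessful attempts.
        if ev["event"] == "login":
            if ev["result"] == "fail":
                failed_logins[user] += 1
            else:
                if failed_logins[user] >= fail_threshold:
                    alerts.append(("login_after_failures", user, failed_logins[user]))
                failed_logins[user] = 0
        # Rule 2: switching of IDs during an online session.
        first = session_user.setdefault(sid, user)
        if first != user:
            alerts.append(("session_id_switch", sid, f"{first}->{user}"))
            session_user[sid] = user
        # Rule 3: additions/modifications to user accounts or privileges.
        if ev["event"] == "priv_change":
            alerts.append(("privilege_change", user,
                           f"{ev['action']} {ev['role']} on {ev['target']}"))
        # Rule 4: attempts to perform unauthorized functions.
        if ev["event"] == "action" and ev.get("result") == "denied":
            alerts.append(("unauthorized_function", user, ev["function"]))
    return alerts


def run_sample():
    """Run the rules over the constructed feed."""
    return correlate(SAMPLE_LOG.splitlines())
```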

8. The xDTM solution monitors for malicious and inappropriate activity on an ongoing basis.

DocuSign implements a defense-in-depth approach to hardening the production and corporate environments against exposure and attack. Network management controls in use include an intrusion detection system (IDS), malware protections, and system monitoring.

• Monitoring frequency: A qualified third party performs monthly internal vulnerability scans and quarterly application scanning.

• Intrusion detection: Production systems are configured to send event and log data to a security information and event management (SIEM) system where a dedicated team correlates and analyzes events on a 24x7 basis.

• Antivirus/anti-malware: DocuSign utilizes enterprise-class antivirus/anti-malware software. Endpoint workstations and other devices are monitored, and non-PDF documents are scanned for malicious content on conversion to PDF. Antivirus signature updates are automatic and performed daily. Users are prevented from disabling these controls or altering their configuration.

• Email protection: DocuSign's production email service utilizes both DomainKeys Identified Mail (DKIM) for signing outbound email and TLS to assure that confidential communication occurs over an encrypted session.

9. The organization focuses on intelligence collection, leading to security breach detection and prevention.

• DocuSign maintains professional relationships for security notifications with organizations that include the Computer Emergency Readiness Team (CERT), High Tech Crime Consortium (HTCC), the Information Technology-Information Sharing and Analysis Center (IT-ISAC), and others.

• DocuSign operations and security operations personnel subscribe to multiple vendor and industry security advisory mailing lists.

Threat intelligence is monitored throughout the organization and aggregated via DocuSign's security council. When a threat/risk is identified, its potential impact is assessed by the security organization and documented via the company's risk register for tracking and resolution.

10. The organization provides the ability to anonymize data for participation in threat intelligence networks.

Due to security considerations, additional information regarding data anonymization may be made available upon request or in response to specific questions. DocuSign does participate in threat intelligence networks as a means of helping to mitigate security threats.

11. The company employs a response model that adheres to applicable laws.

DocuSign maintains an ISO 27001:2013, PCI DSS, and SSAE 16 examined and tested incident response program that provides guidance and procedures to enact in the event of an incident.

A Comprehensive Response Model

• The response policy classifies incidents by type and severity, sets the likely scope of response, and assigns roles and responsibilities.

• Requirements for incident detection and reporting are defined, and a range of specific containment measures are prescribed.

• Required response times are defined for incidents based on nature and severity.

• Requirements for evidence gathering are detailed, as well as eradication/recovery measures.

Notification Program

• DocuSign maintains a data breach notification program to promptly notify customers in the event their information is lost or experiences unauthorized access.

• DocuSign will contact credit card issuers in the event of a compromise or removal of cardholder data.

12. The company has an incident playbook in place.

DocuSign maintains and executes an incident response playbook specialized to security threats and events. It addresses incidents both proactively and reactively, when necessary.

• The scope of the playbook includes guidance and procedures for detection, containment response, resolution, and iteration/improvement.

• Inputs are used to detect anomalies or identify policy violations and include security policies, legal and compliance violations, and threat and risk information.

• Guidance includes areas such as defining the scope of monitoring, use cases, and triggers/thresholds for monitoring systems.

• As part of the response process, all security incidents are prioritized based on impact and urgency. Service level agreements set response times for all stakeholders involved in the incident management process and provide an accurate measure of organizational performance.

• After resolution, incident management metrics are tracked and reported to ensure the process is performing as expected and to further fine-tune the response process.

To ensure the playbook evolves to incorporate updated regulations and standards, as well as best practices, the process is reviewed semi-annually.

13. The company maintains a mature security/risk council.

• DocuSign's security council manages security risk for DocuSign; addresses all areas of security risk, including operational risk, compliance, design, and legal/contractual risk; and ratifies the company's security policy.

• The security council maintains authority for verifying that compliance is maintained across identified controls and oversees a governance, risk, and compliance (GRC) program for the organization. The program assures GRC across areas such as:
  o Customer information security
  o Security operations
  o Data breach notification
  o Business continuity
  o Key management
  o Security change approval
  o Security assessments
  o Secure segmentation
  o Incident response program
  o Third-party security assessment program.

• Risks to DocuSign are monitored throughout the organization via security council meetings. When a risk is identified, the risk level is assessed by the security team and added to the risk register. The risk register, including mitigation strategies, is reported to the security council on a regular basis.

• To ensure it has visibility and authority to meet its responsibilities, the council annually assesses the company's organizational structure, reporting lines, authorities, and responsibilities as part of ongoing risk assessment and management.

Additionally, DocuSign has a deputy chief risk officer (CRO) who oversees the chief information security officer (CISO). In addition to defining security strategy, the deputy CRO performs in an independent audit and assessment capacity.

Assurance

DocuSign warrants its compliance to the US ESIGN Act and complies with applicable laws, regulations, and industry standards around the world. DocuSign is directly certified for ISO 27001:2013, PCI-DSS, and TRUSTe. The DocuSign platform contains capabilities that enable customers to meet their required compliance to specialized industry regulations, such as HIPAA, FDA Title 21 CFR Part 11, and specialized rules from the FTC, FHA, IRS, and FINRA.

Figure 3: DocuSign – Highest and Broadest Set of Standards

xDTM Standard Requirement / Certified to Leading Global Standards

1. The xDTM solution will comply with applicable laws, regulations and industry standards.

DocuSign complies with applicable laws, regulations, and industry standards around the world governing digital transactions and electronic signatures.

Engineered to Support a Breadth of Laws, Regulations, and Industry Standards

The DocuSign service either complies directly with the laws and regulations below, or helps customers meet requirements needed for their own compliance:

• DocuSign warrants to the US ESIGN Act, EU legislation (European Regulation 910/2014), and the UK Electronic Communications Act.

• ISO 27001:2013: DocuSign is certified across all 133 controls and is the only eSignature company certified as an information security management system (ISMS).

• SSAE 16, SOC 1 Type 2, SOC 2 Type 2: DocuSign complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA), undergoes yearly audits across all aspects of its enterprise business and production operations, and has sustained and surpassed all requirements.

• TRUSTe: DocuSign is certified by TRUSTe, and securely and safely handles customer data as outlined in its privacy policy (see Privacy: Section 2).

• PCI DSS 3.1: DocuSign is PCI certified for safe and secure handling of credit cardholder information; and while smaller companies may self-certify, DocuSign has reached a threshold of transactions that requires a third-party audit, ensuring the deepest level of examination.

• HIPAA, FDA Title 21 CFR Part 11: the DocuSign service supports the eSignature practices that help organizations meet their compliance requirements for these regulations.

• DocuSign is certified as Skyhigh Enterprise-Ready™ under the Skyhigh CloudTrust™ program, which evaluates security controls and enterprise readiness based on Cloud Security Alliance (CSA) criteria.

• DocuSign meets specialized rules from the FDA, FTC, FHA, IRS, FINRA, and others. Detailed information can be provided on request.

Obtains Required Consents

DocuSign obtains required customer consent to do business electronically:

• Consent for business transactions is achieved through steps in the service's workflow.

• Consumer consent is obtained by the DocuSign service through the use of required disclosure documents and by obtaining a customer's affirmative consent to use electronic records for the transaction. The solution also enables a customer to withdraw consent.


Privacy

DocuSign is committed to customer privacy and the protection of proprietary information and data, and employs measures across multiple business and technology areas. With DocuSign:

• Contractual privacy protections assure confidentiality of customer information and prohibit employees from viewing customer documents.

• Customers set their own privacy and document management settings on the platform.

• Independent, external organizations, such as TRUSTe, certify the platform as part of the company's compliance with global privacy and data protection regulations.

xDTM Standard Requirement / How DocuSign Protects Your Privacy

1. Personal data is used for the purpose it was intended and is consistent with the organization's privacy policy.

DocuSign maintains a comprehensive privacy policy and is committed to the privacy principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

• DocuSign has received TRUSTe's Privacy Seal, signifying that its privacy policy and practices have been reviewed for compliance with the TRUSTe program.

• TRUSTe reviews DocuSign's privacy policy annually across both the business and production site.

Transparency in Data Usage

The collection and use of personal data described below is included in DocuSign's publicly posted privacy policy.

• Personal data collected by DocuSign includes user-provided information, such as name, email addresses, mailing address, and billing information. It also includes technical information, such as IP address, location information, device identifiers, usage data related to how a user interacts with the service, and transactional data associated with contracts uploaded or signed on the DocuSign service.

• Personal information is used for the services of the DocuSign platform, the creation of records reflecting users' transactions, identity verification, and fraud prevention. This applies to data collected by the service, externally facing websites, or other means of data collection.

• Employees are prohibited from viewing the content in customer documents, and customer support personnel are limited to viewing only data that describes digital transactions on the service (see Security: Section 1).

• In the case of a merger, acquisition, or sale, DocuSign will notify users of any changes in how personal data is used, as well as any choices users have regarding their information.

• Third parties that provide services to DocuSign are required to only use data shared with them for the services they're providing to DocuSign.


2. Treatment of notice, consent, and choice is clearly reflected in a publicly available, written privacy policy.

DocuSign posts its privacy policy on the company’s public-facing website and describes the privacy practices of the company, including notice and consent.

Clear Notice on Consent, Choice, and Notifications

• A customer’s use of DocuSign’s websites or mobile applications constitutes consent to the privacy policy and to the collection and use of information described in it. Customers are requested to not use DocuSign’s services if they don’t agree to the policy.

• Visitors to DocuSign’s public-facing website may opt out of receiving tailored advertising or data tracking.

• DocuSign does send emails related to completing signings or other transactions on the service (required as part of the services under customer contracts).

• In the course of a transaction, users of the DocuSign service may access personal information of other participants in a transaction. The company’s privacy policy specifies that this information may only be used in connection with DocuSign’s services and may not be used for unsolicited commercial messages.

Adherence to International Privacy Considerations

• DocuSign has a corporate commitment to pursue Binding Corporate Rules, a binding organizational data governance policy framework reviewed and approved by European data protection authorities.

• DocuSign will make available to customers a data processing addendum that incorporates the European Commission’s model clauses.

3. Policies addressing transaction retention and purging are clearly stated.

Customers Set Their Management Policies

With DocuSign, customers set their own document management policies. Customers may keep their documents on DocuSign’s secure servers, download them, or purge them from the DocuSign service, at their discretion.

Retention

• Most customers leave signed documents in the DocuSign system indefinitely as a means to retain an independent third party that can warrant the documents have been securely stored and not altered.

• Customers may also utilize the DocuSign Connect publisher service to transfer copies of signed documents to document repositories behind their own firewall.

Deletion

• Deleted documents are removed from a user’s view, but are not explicitly purged as a result of deleting them. When a user moves an envelope into the deleted folder, only a pointer to the envelope is removed. It’s only when no pointers are left that the envelope and documents are purged (meaning the envelope no longer resides in any DocuSign user folder).

Purging

• Customers can configure document retention to specify the number of days to retain documents (measured from the date the envelope is completed, voided, or declined). Once the purge date for an envelope arrives, it’s put into the purge queue and purged from the system 14 days later.

• Notification emails are sent to both the sender and recipients as an envelope enters the purge queue.

• Envelopes and the documents that are purged from DocuSign are permanently removed.

• While the DocuSign service will remove a document from the system, it will maintain the audit log to vouch for the execution history of the documents.
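The deletion, retention and purge rules above, modelled as a small lifecycle state machine. This is an added illustration, not DocuSign's code; the "user:folder" pointer format, the scheduled retention job and the notification wording are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Set

PURGE_QUEUE_DAYS = 14                                  # purged 14 days after entering the queue
TERMINAL_STATES = {"completed", "voided", "declined"}  # retention clock starts at one of these


@dataclass
class Envelope:
    envelope_id: str
    status: str
    status_date: date                 # date the envelope was completed, voided or declined
    documents: List[str]              # document names; emptied on purge
    folder_pointers: Set[str]         # "user:folder" references (assumed shape), e.g. "alice:inbox"
    audit_log: List[str] = field(default_factory=list)    # survives the purge
    notifications: List[str] = field(default_factory=list)
    purge_queue_date: Optional[date] = None
    purged: bool = False


def _purge(env: Envelope, today: date, reason: str) -> None:
    """Permanently remove envelope and documents; the audit log is kept."""
    env.documents.clear()
    env.folder_pointers.clear()
    env.purged = True
    env.audit_log.append(f"{today.isoformat()} envelope purged ({reason})")


def move_to_deleted(env: Envelope, pointer: str, today: date) -> bool:
    """Deleting removes only this folder's pointer. The envelope is purged only
    once no pointer is left in any user folder. Returns True if that happened."""
    if pointer in env.folder_pointers:
        env.folder_pointers.discard(pointer)
        env.audit_log.append(f"{today.isoformat()} pointer removed: {pointer}")
    if not env.folder_pointers and not env.purged:
        _purge(env, today, "no folder pointers left")
    return env.purged


def purge_date(env: Envelope, retention_days: int) -> Optional[date]:
    """Retention is measured from the completed/voided/declined date; an
    in-progress envelope has no purge date yet."""
    if env.status not in TERMINAL_STATES:
        return None
    return env.status_date + timedelta(days=retention_days)


def apply_retention(env: Envelope, retention_days: int, today: date,
                    sender: str, recipients: List[str]) -> str:
    """Scheduled retention job. Returns the envelope's lifecycle state:
    'retained', 'queued' (sitting in the purge queue) or 'purged'."""
    if env.purged:
        return "purged"
    due = purge_date(env, retention_days)
    if due is None or today < due:
        return "retained"
    if env.purge_queue_date is None:
        # Purge date has arrived: enter the queue and notify sender and recipients.
        env.purge_queue_date = due
        for party in [sender, *recipients]:
            env.notifications.append(
                f"to {party}: envelope {env.envelope_id} entered purge queue on {due.isoformat()}")
        env.audit_log.append(f"{due.isoformat()} entered purge queue")
    if today >= env.purge_queue_date + timedelta(days=PURGE_QUEUE_DAYS):
        _purge(env, today, "purge queue delay elapsed")
        return "purged"
    return "queued"
```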

4. Private information is only provided to government organizations when there is a good faith belief that such disclosure is reasonably necessary to comply with any applicable subpoena or other legal process, or to protect the rights, property, or safety of anyone.

DocuSign has a policy of providing notice to its customers when there’s an external request for information about their accounts, such as from law enforcement. DocuSign’s publicly posted policy, “Responding to User Data Requests,” details how the company responds to requests, what information DocuSign may provide, and the circumstances where it works with law enforcement.

5. Company policies include measures to evaluate the potential to cause harm by releasing private data.

DocuSign maintains multiple policies and measures for evaluating the potential harm from a release of private data (for example, due to a data breach or accidental data disclosure). The approaches below enable both an assessment of the scale and impact from a release of private data as well as the effectiveness of available mitigations.

• DocuSign has a formal risk management program that’s ISO 27001:2013 certified and includes likelihood, impact, qualitative and quantitative analysis, and regulatory requirements.

• DocuSign’s CRO oversees the company’s GRC program that assesses risk and ensures that controls applicable to a breach are in place (see Security: Section 13).

• DocuSign maintains a security/risk council as an accountability point for the reporting, assessing, tracking, and mitigating of identified risks (see Security: Section 13).

• DocuSign has an incident response model that includes impact assessment, corresponding service level agreements (SLAs) for response, and SLAs for resolution activities (see Security: Section 11).

• DocuSign maintains an incident response playbook that requires proactive measures to detect potential incidents, such as a security threat. It also prescribes DocuSign’s response to such an incident, including assessing impact and responding within the required SLAs (see Security: Section 12).

• DocuSign maintains a breach notification program to notify users after a breach and other incidents are discovered. DocuSign will identify the individuals whose personal information was affected and provide descriptions of the categories of personal information involved for each person, how and when the incident occurred, how and when the incident was discovered, steps taken to address the incident, and any steps taken to prevent a recurrence (see Security: Section 10).


Validity

The DocuSign platform provides an audit trail, chain of custody, tamper-evident seals, and other measures that provide complete transaction detail and assure the validity of transactions executed on the platform. Multiple methods of authentication are available to validate transaction participants, and customers may combine authentication methods if warranted by the sensitivity of their documents. Finally, the structure of the DocuSign workflow provides evidence of agreement and intent to transact.

xDTM Standard Requirement | How DocuSign Protects Your Privacy

1. Transparency into relevant transaction attributes, such as message origin, author, content, and transmission time.

The DocuSign solution logs and provides detailed information on transactions that take place on the service. It also provides documents that customers can admit into court, as well as measures to prevent a transaction participant from repudiating their signature. The information-capture capabilities of DocuSign assure:

• Transparency to customers on the progress of their digital transactions

• A full audit trail (see Validity: Section 4).

Complete Details of the Digital Transaction

• A document list indicates recipients and the status for each document, such as completed, waiting for others, voided, or draft.

• A document detail area provides information on each recipient's activity in the document. Examples include date viewed, which recipients have signed, or which have yet to complete the signing transaction.

xDTM Compliance

DocuSign provides the following transaction validation details:

• Number of items and pages for all documents or data in a transaction

• Identity or contact detail for the person or system that sent the documents or data, as well as the IP address

• Transaction status information, covering initiation through in-process and completion

• Storage information on where the completed documents and final data are held

• Recipient contact information for each document or data component

• Information that reports the authentication method used and whether it was satisfied

• Content and confirmation of disclosures agreed to by the recipient

• Event and action timestamps to support a detailed audit trail for the transaction with integrity protection.

2. A verifiable chain of custody for each custodian that includes document/transaction, metadata, and history/future length of contract.

The DocuSign solution includes capabilities spanning encryption, logging, and data security that support the legality of transactions by maintaining the integrity of data and documents.

• A digital audit trail, known as a certificate of completion, is created for every envelope and captures the signing parties’ names, email addresses, authentication method, public IP address, signing location (if provided), envelope action, and timestamps.

• In-system checks using a digital checksum (mathematical hash value) validate that the documents in an envelope haven’t been tampered with outside of each signing event.

• Documents exported from DocuSign are digitally signed for the purpose of detecting any evidence of tampering. The tamper seal is an X.509 public key infrastructure (PKI), standards-based "digital signature" issued by a certificate authority. It’s applied to a document at the time of download from DocuSign and indicates whether a document was changed since it was downloaded.
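The per-event checksum check and the certificate-of-completion fields described above, as an added example that is not DocuSign's code. The field names, the choice of SHA-256, and the JSON digest that stands in for the certificate's tamper-evident seal are assumptions; the X.509 seal applied at download is not modelled.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def checksum(data: bytes) -> str:
    """Digital checksum of a document (SHA-256 is an assumption for this example)."""
    return hashlib.sha256(data).hexdigest()


class TamperDetected(Exception):
    """Raised when a document changed outside of a signing event."""


@dataclass
class Envelope:
    envelope_id: str
    documents: Dict[str, bytes]                              # name -> current bytes
    baseline: Dict[str, str] = field(default_factory=dict)  # name -> checksum after last event
    events: List[dict] = field(default_factory=list)        # the audit trail

    def __post_init__(self) -> None:
        # Baseline checksums are taken when the sender creates the envelope.
        self.baseline = {n: checksum(d) for n, d in self.documents.items()}

    def verify_integrity(self) -> None:
        """In-system check: every document must still match the checksum recorded
        at the previous signing event."""
        for name, data in self.documents.items():
            if checksum(data) != self.baseline[name]:
                raise TamperDetected(f"{name} modified outside of a signing event")

    def record_event(self, *, name: str, email: str, ip: str, timestamp: str,
                     auth_method: str, auth_satisfied: bool, action: str,
                     updated: Optional[Dict[str, bytes]] = None) -> dict:
        """Verify integrity, apply the signer's change (only if authenticated),
        re-baseline the checksums, and append the event to the audit trail."""
        self.verify_integrity()
        if auth_satisfied:
            for doc_name, data in (updated or {}).items():
                self.documents[doc_name] = data
        else:
            action = "authentication failed"     # logged, but no document change
        self.baseline = {n: checksum(d) for n, d in self.documents.items()}
        event = {"name": name, "email": email, "ip": ip, "timestamp": timestamp,
                 "auth_method": auth_method, "auth_satisfied": auth_satisfied,
                 "action": action, "checksums": dict(self.baseline)}
        self.events.append(event)
        return event

    def certificate_of_completion(self) -> dict:
        """Certificate body plus a digest over its canonical JSON form; the digest
        is an assumption standing in for the tamper-evident seal."""
        body = {"envelope_id": self.envelope_id, "events": self.events,
                "final_checksums": dict(self.baseline)}
        return {"body": body, "digest": checksum(_canonical(body))}


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def certificate_intact(cert: dict) -> bool:
    """Re-derive the digest to detect edits to a downloaded certificate."""
    return checksum(_canonical(cert["body"])) == cert["digest"]


def sign_document(data: bytes, signer: str) -> bytes:
    """Stand-in for applying a signature graphic: append a marker line."""
    return data + f"\n/sig {signer}".encode()


EDIT = b"\n/clause-added"   # constructed out-of-band modification


def demo() -> dict:
    """Constructed walkthrough: two signers and one edit made outside a signing event."""
    env = Envelope("env-0001", {"nda.pdf": b"%PDF-1.4 constructed sample NDA"})
    env.record_event(name="Alice", email="alice@example.com", ip="203.0.113.5",
                     timestamp="2016-03-01T10:00:00Z", auth_method="access code",
                     auth_satisfied=True, action="signed",
                     updated={"nda.pdf": sign_document(env.documents["nda.pdf"], "Alice")})
    env.documents["nda.pdf"] += EDIT              # stored bytes altered between events
    try:
        env.record_event(name="Bob", email="bob@example.com", ip="198.51.100.9",
                         timestamp="2016-03-02T09:00:00Z", auth_method="SMS",
                         auth_satisfied=True, action="signed")
        tamper_caught = False
    except TamperDetected:
        tamper_caught = True
    env.documents["nda.pdf"] = env.documents["nda.pdf"][:-len(EDIT)]   # restore last good bytes
    env.record_event(name="Bob", email="bob@example.com", ip="198.51.100.9",
                     timestamp="2016-03-02T09:05:00Z", auth_method="SMS",
                     auth_satisfied=True, action="signed",
                     updated={"nda.pdf": sign_document(env.documents["nda.pdf"], "Bob")})
    cert = env.certificate_of_completion()
    return {"tamper_caught": tamper_caught, "events": len(env.events),
            "cert_intact": certificate_intact(cert), "cert": cert}
```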

3. Appropriate credentialing, such as criteria for credentials, credential creation, and documented treatment of co-transactors.

DocuSign provides customers with multiple capabilities to authenticate participants to a transaction. Customers may also authorize different privileges among the participants.

Multiple Options for Authenticating Participants in a Transaction

Supported methods to authenticate signers in a digital transaction include:

• Access code: the recipient enters a code provided to them separately from DocuSign communications.

• SMS: the recipient enters a code received as an SMS text message at a specified phone number.

• Phone authentication: the recipient answers a phone call at a number supplied by the recipient and provides an authentication code. (Note: an additional available option enables the recording and generation of a biometric voiceprint as an additional layer to the authentication process.)

• Knowledge-based authentication: This method requires the recipient to answer detailed questions about themselves based on data available in public records.

• Social ID: The recipient enters his or her social ID information, which is validated against that service, to access the documents for signing. Supported services include Salesforce.com, Google, Yahoo!, or Microsoft account credentials, with additional options for social network credentials from Facebook, Twitter, and LinkedIn.

• Require a Digital Certificate: The sender can require the signer to apply a digital certificate at the time of signing. This creates a final document that has been digitally signed.

• Two-factor authentication: DocuSign also allows a sender to require two authentication methods from the document signer. Specifically, access code authentication and one other type may be used for a single recipient.

Ability for Senders to Set Privileges and Permissions for Co-Transactors

DocuSign supports different roles for participants in a transaction:

• Participants may be signers.

• Participants may be designated as recipients or authorized for actions, such as manage envelopes, address recipients, manage recipients, receive a copy, or acknowledge receipt.

• Each recipient in a workflow may be assigned individualized authentication requirements.

• Envelope recipients can be reassigned by the sender or also by a specific recipient.

• Particular signing orders among the participants may be enforced.

• In situations with multiple documents in a DocuSign envelope, access may also be controlled at the document level, where a particular document may only be viewed by the intended signer.

4. Clear evidence of agreement, including manifestation of assent, intent to transact, and attribution and audit trails.

Clear Evidence of Agreement

• With DocuSign, the signer must agree to the use of electronic records and signatures in connection with the review and signing of any document and is given an electronic consent disclosure (ECD) before they can access document(s).

• Users are prompted by DocuSign to adopt a signature graphic. This graphic is related explicitly to their identity, establishes their “mark” in the transaction, and is applied directly to the document to indicate their assent at that location. Further, users may personalize their signature graphic by drawing it with their mouse or touchscreen, selecting from predefined styles, or uploading an image they already have.

• Audit processes within the DocuSign system securely capture all of these consent-related actions by the signer. Example granularity includes the date and time of the ECD acceptance or a unique identifier of the acceptance event.

A Complete Audit Trail

DocuSign provides digital audit trails for customers to track signing and access events over the lifetime of a document. They include a document history, a formal certificate of completion created upon signature of all document parties, and record permanence, as well as other capabilities. In combination, these serve to confirm the validity of transactions executed by the service.

• Document history: DocuSign tracks and logs all aspects of each transaction (name, email address, IP address, date/time, authentication, and activity) and captures it all in a detailed transaction history that is stored in perpetuity as hashed and encrypted data within the DocuSign system. This data is available on demand from the system and may also be programmatically exported in real time as transactions progress to a completed state.

• Certificate of completion: Once the transaction is complete, DocuSign issues a certificate of completion that contains transaction-level information, such as the unique transaction ID, the sender and all recipients, the timestamp of all events, DocuSign account information, and the executed consumer disclosure. The certificate of completion has been tested in court and found to be legally valid.

• Record permanence: Document audit logs are kept permanently even if the underlying document is delivered and purged by the owning account. This maintains DocuSign's ability to prove a transaction indefinitely.

5. Complete records management, including long-term records management with proof of integrity, designated document retention periods, and transferability.

• All retained customer data is stored at the level of security and encryption prescribed in DocuSign’s customer data policy (see Security: Section 1).

• Customers may leave signed documents in the DocuSign system indefinitely. DocuSign will warrant that the documents have been securely stored and not altered.

• DocuSign also offers the DocuSign Connect publisher service that customers can use if they wish to keep a local copy behind their firewall. DocuSign Connect can push signed documents to a customer application or push status updates to a customer listener application. Once notified, customers can retrieve signed documents via the DocuSign API, in line with their workflow.

• DocuSign integrates with external third-party vault solutions, such as eOriginal, that provide customers with additional records management capabilities.

• Customers may also download stored documents and transaction data, which are secured with an X.509 PKI, standards-based "digital signature" that is applied at the time of download.

• The certificate of completion is also secured with a tamper-evident seal to ensure that it can’t be modified after download, just like the document.

6. An industry-standard clock time convention from a trusted third-party source of time.

DocuSign utilizes the National Institute of Standards & Technology (NIST) atomic clock service as a synchronized time-service protocol to ensure all systems have a common time reference.

Availability

DocuSign has maintained more than 99.99% average availability over the past 5 years. The service is engineered to provide “always-on” availability and DocuSign doesn’t post or schedule any planned downtime for maintenance.

DocuSign’s system architecture includes multiple, simultaneously active DocuSign systems in different geographic locations, each supporting customer transactions while staying synchronized with each other. This way, data for in-process and completed transactions is saved in multiple locations, providing high availability and superior protection against data loss and corruption.

Figure 4: DocuSign System Status (publicly available in the DocuSign Trust Center)


xDTM Standard Requirement | Carrier-Grade Performance and Reliability

1. The solution offers carrier-grade availability/system uptime.

• DocuSign has maintained more than 99.99% average availability over the past five years

• DocuSign posts twelve months of uptime data for its service, across four different environments, on its publicly available Trust Center

• DocuSign provides customers with credits against fees if service levels aren’t met

2. The solution is continuously available – online/offline – with no maintenance downtime.

• DocuSign has a zero-maintenance-downtime service. The company doesn’t schedule offline maintenance.

3. Customer data is continuously accessible for customer use.

• Under DocuSign's architecture, secure replication of customer data is performed both at the data center in use and, in near real time, to geo-diverse data centers. Data is replicated at the OLTP level, and all historical and document data is synchronized using a proprietary document replication service. DocuSign makes eight perpetual backups of BLOB data, and data replication takes the place of traditional backups.

4. Redundant geographically dispersed data centers are used.

• DocuSign data is replicated to geographically dispersed data centers. In the US, three active sites are located in different geographical regions. In Europe, two active sites are more than 400 km apart.

• In the event of a failure in any of the active systems, all user activity may be served by the remaining centers

5. There is zero data loss during catastrophic events.

• DocuSign’s infrastructure is constructed to deliver a recovery point objective of five minutes in the event of a single-site catastrophic failure.

• In support of data protection, DocuSign designs all deployments to be fully redundant and fault tolerant to eliminate single points of failure. Data travels via half-gigabit fiber to facilitate the required data replication (see Availability: Section 3).

• DocuSign maintains a disaster recovery (DR) plan to be implemented in the event of a disaster (or prolonged interruption of service) and a business continuity plan (BCP). The table of contents of the plan and the last annual test results are available for inspection but for security reasons aren’t shared outside of DocuSign.

6. There is a sub-minute service restoration after disruption.

• DocuSign’s infrastructure is constructed to meet a recovery time objective of 15 minutes.

• DocuSign’s architecture features simultaneously active and redundant systems and near-real-time data replication. Additionally, DocuSign’s data centers are commercial-grade, PCI DSS compliant, and SSAE 16 examined and tested (see Security: Section 5).

• Combined, this enables DocuSign’s service to consistently demonstrate high availability (as shown in publicly available site statistics) and be capable of surviving disruptions, such as a full site outage.

• Failover capabilities are tested monthly along with a full, formal BCP/DR test conducted annually. Per company policy, these test results are validated and signed by stakeholders, including the chief technology officer, chief security officer, and chief legal officer.

7. Customer transaction support is provided.

Comprehensive Support Resources

DocuSign support resources include:

• 24x7 live support, along with full-time system availability monitoring

• Online case submission and management, with response SLAs

• Escalated tier-two support

• A support team that, on average, answers calls in less than 10 seconds, responds to emails within 2 business hours, and has an average first-contact completion rate of over 80 percent; and has access to DocuSign professional services, a customer’s assigned strategic account manager, and DocuSign engineering teams.

Robust Capabilities for Integration and Compatibility Support

• DocuSign provides free developer accounts into a full-featured environment for development and testing. Sample code, SDKs, and code libraries are also provided at the DocuSign Developer Center.

• DocuSign offers preview and demonstration environments for customers to validate their system integrations and give feedback on new releases.

• DocuSign supplies support and documentation for out-of-the-box integrations to complementary solutions from Salesforce, Microsoft, Google, and others (see Interoperability: Section 1).

Supplemental Training Resources

• DocuSign offers training, courses, and certifications through DocuSign University, such as administrator training, specialized training for Salesforce users, training for workflow developers, API use, and more.

• Courses are available online, in person at DocuSign training facilities, or on premise at a customer’s site.

8. The organization maintains a trust center for transparency into service performance, availability, certification status, and privacy.

• DocuSign maintains a public-facing Trust Center that provides continuous updates on service availability, 12 months of uptime data, and technical best practices.

• The Trust Center provides status confirmations that services are available and operating normally and will communicate information about service disruptions or security alerts.

• The Trust Center enables customers to report to DocuSign any security concerns, suspected fraudulent email, or system issues.

• On the Trust Center, DocuSign publicly confirms compliance with a number of security certifications, including:

o ISO 27001:2013

o SSAE 16, SOC 1 Type 2, SOC 2 Type 2

o xDTM Standard, Version 1.0

o PCI DSS 3.1

o TRUSTe


Scalability

To provide resilient system performance during peak traffic in the near term, as well as ensure scalability for required future growth, DocuSign undertakes robust capacity planning. Every day, DocuSign processes approximately 30 billion pieces of telemetry to monitor and assess the end-to-end customer experience as one of multiple inputs into planning for required scalability. Currently, the multi-tenant structure ensures that the DocuSign platform runs at less than 50 percent of total capacity and that no single customer's spike in usage impinges on other customers.

xDTM Standard Requirement | How DocuSign Manages Scale

1. There is a formal process in place to anticipate future business growth/needs with the ability to provide ongoing system capacity monitoring.

• DocuSign maintains a formal planning process that includes both real-time performance indicators and long-term capacity planning mechanisms to ensure adequate capacity.

• System load is evaluated and projected via a scheduled process, and ongoing projections using gathered data are made for server load, storage load, database load, and network load/bandwidth. Projections are tracked and compared with current load to ensure accuracy, and adjustments are made to the overall environment to ensure projected load is met or exceeded.

2. There is formal lifecycle management in place with proactive implementation of architectural changes and hardware purchasing.

• DocuSign maintains a baseline configuration program for software and hardware. All production systems are configured according to these standards to ensure capacity requirements. Benchmarks from the Center for Information Security (CIS) are part of the program’s verification process.

• Capacity increases are achieved by scaling the platform both vertically and horizontally, using collected data on usage trends as well as projections of contractual commitments in an 18-month moving window.

• In addition, DocuSign has developed automated performance testing tools that create a static load on DocuSign via both the API and the user interface. The system is loaded and then dynamic evaluation is done to compare both the formal and observed system characteristics.

Universality

With DocuSign, users can conduct business globally, use an app or site built for their device or platform of choice, and transact while both connected and offline.

DocuSign offers 13 sending languages and 43 languages for signing, and the system is compatible with leading browsers and mobile platforms. It’s also available as a dedicated app on multiple platforms, and offline capabilities allow users to continue the transaction process when carrier service isn’t available.

xDTM Standard Requirement | DocuSign Supports Transactions Worldwide

1. The solution is available across heterogeneous computing platforms.

• The DocuSign service requires only a Web browser for signing and a PDF reader to optionally view documents. No additional software, browser plug-ins, extensions, or add-ons are necessary.


Available on Multiple Platforms

• DocuSign is available to over 90 percent of desktop and mobile users in the regions where it’s offered because of the range of platforms supported by the service.

o Desktop: DocuSign supports final release versions of Internet Explorer 8.0 or above, Windows Edge, Mozilla® Firefox® 3.0 or above (Windows and Mac), Safari™ 3.0 or above (Mac OS only), and Google Chrome® 5.0 (Windows and Mac). Although other browsers aren’t officially supported, signing typically works on any application that can render HTML.

o Mobile Web: DocuSign supports Apple iOS® 6.0 and above, and Android™ 2.3 or above.

o Mobile applications: DocuSign offers native apps for iOS, Android, and Windows. Respective requirements are Apple iOS® 8.0 and above, Android™ 4.0 and above, Windows 8.1 and above, Windows 10, and Windows Phone 8.1.

• In addition, DocuSign’s interface is responsive and will automatically optimize its interface to fit the device and form factor on which it’s being viewed.

Capabilities for Working Offline

• DocuSign’s solution includes offline functionality for continued productivity when network or carrier service isn’t available.

• While offline, document senders can tag a document to indicate required signatures and selected recipients. Once a network connection is available, the document will be sent out for signature.

• Document recipients can sign a document while offline, and once reconnected to a network, signed documents will be uploaded to the DocuSign cloud, routing to other signatories, if required, or confirming a completed transaction.

2. The solution is accessible worldwide.

• DocuSign offers users the ability to sign documents in 43 localized languages: English (US), Spanish (Latin America), Japanese, German, French, Italian, Spanish (Spain – Modern Sort), French (Canada), Chinese Simplified, Portuguese (Brazil), Russian, Turkish, Korean, Portuguese (Portugal), Chinese Traditional, Polish, Romanian, Dutch, Hungarian, Czech, Greek, Swedish, Finnish, Danish, Norwegian, Ukrainian, Serbian-Latin, Bulgarian, Croatian, Slovakian, Lithuanian, Slovenian, Latvian, Estonian, British English, Arabic, Hebrew, Farsi, Hindi, Bahasa Indonesia, Bahasa Melayu, Thai, and Vietnamese.

• DocuSign offers 13 languages for global users to send documents for signature in their native language: English (U.S.), Chinese Simplified, Chinese Traditional, Dutch, French, German, Italian, Japanese, Korean, Portuguese (Brazil), Portuguese (Portugal), Russian, and Spanish.

• The DocuSign solution can automatically detect a customer’s browser language and present information in the appropriate language. Alternatively, a transaction initiator may specify language settings, or a transaction receiver may select from supported languages.

• With DocuSign, users aren’t required to sign up for an account before signing.


InteroperabilityEveryday,theDocuSignplatformservicesover8millionAPIcallsinsupportofover1,000APIintegrations.WithplatformAPIs,amobileSDK,out-of-the-boxintegrationswithleadingsolutionproviders,andarichpartnerecosystem,customerscanintegrateDocuSignwiththeirchoiceofsolutions.

DocuSignexposestheentirecoreplatformfunctionalitythroughitsAPIandincludesprebuiltintegrationswithSalesforce,Microsoft,Google,SAP,andothers.Takentogether,theseintegrationoptionsgivecustomersflexibilityandcontrolacrosstheirorganization,infrastructure,workflow,andtechnologypartners,allowingthemtoscalefromsimpleeSignatureintegrationstocomplexcompany-specificsolutions.

DocuSignalsoacceptsmultipledigital/PKIcertificatesaspartofitssupportfordigitalsignaturesandprovidessolutionsforenterprisestomanagedigitalsigningintheirorganization.DocuSignisalsoacertificateauthorityandissuesdigitalcertificates.

xDTMStandardRequirement DocuSignExposesItsFullPlatformforCompleteIntegrationSupport1. Thesolutionshaspublished

integrationguidelines.DocuSignoffersrobustinteroperabilitycapabilities,includingREST/SOAPAPIs,dedicatedintegrationswithmarket-leadingsolutionproviders,andDocuSign’sConnectservicethatprovidesstatusupdateswithinintegrations.MultipleAPIsandSDKs

• DocuSign offers both REST and SOAP APIs and exposes the entire core DocuSign platform functionality so that features and functionality can be integrated into any website, app, or embedded system that makes HTTP requests.

• Example workflows supported by the DocuSign API include:

o Bringing users directly to specific views within the transaction workflow
o Requesting legally binding signatures on the document types supported by the system
o Embedding the signing or sending workflow into a customer’s UI or app
o Retrieving form-field data
o Enabling multifactor recipient authentication
o Simplifying authentication via reuse of existing credentials from other authorities (via standards-based SSO).

• DocuSign offers a mobile SDK for iOS to integrate DTM and eSignature functionality into mobile apps. With it, developers can create a DocuSign sending and signing experience fully native to their app.

• The DocuSign Development Center includes a developer sandbox and developer keys, as well as SDKs, code libraries, sample code, and other developer resources.

Out-of-the-Box Integrations with Leading Applications

DocuSign has business partnerships and technical integrations with leading enterprise solutions to provide more seamless signing services and enable more complex DTM use cases. Out-of-the-box integrations include:

• Salesforce.com includes “Send with DocuSign” functionality from any Salesforce object and integrates Salesforce contact data into DocuSign, eliminating rekeying of data.

• Microsoft: DocuSign and Microsoft have a strategic relationship in place and have worked together to enable users to securely send, sign, and track documents within Microsoft Office 365 using DocuSign. The partnership has since been expanded to include deeper integration of DocuSign within Microsoft Dynamics CRM Online. In addition to these products, DocuSign also integrates with many earlier editions of Microsoft products, including Outlook, SharePoint, Dynamics CRM, and Windows.

• Google: DocuSign integrates with Gmail and Google Drive and offers a Google Chrome extension. These integrations enable users to sign documents, send to others, and complete other workflow integrations from within the Google applications they may already be using. DocuSign also integrates with the Google Apps for Work suite, enabling administrators to install DocuSign and provision accounts for all users in the domain.

• SAP: Integrations with Ariba Contract Management and SuccessFactors Recruiting Management allow users to leverage SAP technology and DocuSign’s DTM platform in their workflow.

• DocuSign’s Solution Showcase provides details on 120+ integrations with DocuSign’s partner ecosystem.

DocuSign Connect – Status Updates for Integrations

DocuSign Connect is a push service that sends real-time envelope and recipient data updates to customer listener applications using HTTP or SOAP messages.

• These updates are generated by changes to the DocuSign envelope as it progresses from sending to completion.

• DocuSign Connect provides organizations with a centralized location and a real-time view of transactions across their user base. This information may also be customized to support reporting or workflow specific to a customer organization.

2. The solution accepts multiple digital/PKI certificates.

DocuSign enables DTM solutions globally and accepts multiple certificates to align with customer needs and regional requirements.

Certificate Acceptance

• With DocuSign, customers can require use of a digital signature to complete a signing transaction.

• The DocuSign service accepts digital/PKI certificates that conform to X.509 standards. Certificates that conform to EU Directive 1999/93/EC or European Regulation 910/2014 (as applicable) are accepted.

• DocuSign currently supports digital certificates from the following root certificate authorities: OpenTrust, DocuSign, and SAFE-BioPharma (approved for use with FDA- or EMA-regulated processes).

Certificate Issuance

• DocuSign also acts as the certificate authority with Express or OpenTrust certificates (an accredited E.U.-based digital signature provider certified against key ETSI eSignature standards). This provides customers with an additional means to obtain PKI-standard and X.509-compliant digital signatures for any DocuSign transaction.

Certificate Policy

• DocuSign maintains certificate policies covering their role as both a certificate authority (issuer) and which certificate authorities they’ll accept certificates from within the context of digital signatures.

• These policies address:

o Accepted third-party certificate providers, including criteria for validating user identity

o The ways a user attests to their identity in order for DocuSign to create a signature on their behalf

o Operational and physical controls (e.g. specific trusted roles and functions, backup, segregation of duties, revocation, and audit trails).
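The Certificate Acceptance and Certificate Policy points above amount to an acceptance rule for a signer's certificate: it must chain to an allow-listed root authority, be valid at the time of signing, and be authorised for digital signatures. The Go program below is an added example, not DocuSign's code: it generates constructed test certificates (the "Accepted Root CA" stands in for an allow-listed root such as those named above) and applies that rule to three signers, of which only the first should pass.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issue makes a throw-away P-256 key and a certificate for it, signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil { // a root signs itself
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// acceptSigningCert is the acceptance policy: authorised for digital signatures and chaining, at signing time, to an allow-listed root.
func acceptSigningCert(leaf *x509.Certificate, roots *x509.CertPool, at time.Time) error {
	if leaf.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("key usage does not permit digital signatures")
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// Scenario: one allow-listed root, one unknown root, three constructed signer certificates; only signer-a should pass.
func Scenario() (fromTrusted, fromUnknown, noSigningUsage bool) {
	trusted, trustedKey := issue("Accepted Root CA (constructed)", true, x509.KeyUsageCertSign, nil, nil)
	unknown, unknownKey := issue("Unknown Root CA (constructed)", true, x509.KeyUsageCertSign, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	a, _ := issue("signer-a", false, x509.KeyUsageDigitalSignature|x509.KeyUsageContentCommitment, trusted, trustedKey)
	b, _ := issue("signer-b", false, x509.KeyUsageDigitalSignature, unknown, unknownKey)
	c, _ := issue("signer-c", false, x509.KeyUsageKeyEncipherment, trusted, trustedKey)
	return acceptSigningCert(a, roots, time.Now()) == nil, acceptSigningCert(b, roots, time.Now()) == nil, acceptSigningCert(c, roots, time.Now()) == nil
}
```

A production check would additionally consult revocation data (CRL/OCSP), which the policy bullets list among the operational controls but which needs live CA infrastructure and is therefore left out of this offline example.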

Solutions for Enterprise Digital Signing, and the DocuSign Signature Appliance

• With DocuSign’s Signature Appliance, users within an enterprise can digitally sign documents directly from their document authoring or management application or through the DocuSign Appliance (desktop, mobile, or Web interfaces).

• DocuSign’s Signature Appliance can integrate with a company’s existing ID management system or use digital certificates issued by a company’s preferred certificate authority.

• This capability enables companies to manage their certificates from within their own data center and is geared to highly regulated industries. The appliance is certified against Common Criteria and FIPS (Federal Information Processing Standard) security standards.

Please see Figure 5: DocuSign Signature Appliance (below).

• DocuSign also supports card/token-based digital signatures where required by law. Customers sign using existing physical or software-based certificates in their possession, including smart card-based national IDs or employee badges.

Figure 5: DocuSign Signature Appliance

3. Data will migrate to current standards over time to enable ongoing accessibility and document longevity.

Regulatory Compliance

• DocuSign complies with regulatory requirements that necessitate documents remain accessible in a form that can be accurately reproduced for later reference.

Adoption of New File Formats, End-of-Life, and Ongoing Support for Older File Formats

• On a periodic basis, DocuSign will assess the feasibility of supporting new document and data formats for the platform.

• DocuSign will also assess the viability of continuing to accept older file and data formats, using commercially available data and internal benchmarks to determine whether a particular format is obsolete. If necessary, DocuSign will communicate a time frame when the format will no longer be accepted by the platform for new documents.

• DocuSign will announce successor formats, if required. DocuSign will also indicate whether data or agreements already on the platform will migrate to a new format (consistent with upholding regulatory requirements and its internal determination of feasibility).

Accepted Data Formats

• DocuSign accepts a broad range of file formats and provides supplemental tools to ensure that documents can be accepted into the platform for setup.


Accepted formats include:

Document: .as, .asl, .asp, .doc, .docm, .docx, .dot, .dotm, .dotx, .htm, .html, .pdf, .pdx, .rtf, .txt, .wpd, .wps, .wpt

Drawing: .dwg, .dxf, .emz, .svg, .svgz, .vdx, .vsd, .vss, .vst

Image: .bmp, .cdr, .dcx, .gif, .ico, .jpg, .jpeg, .pct, .pic, .png, .rgb, .sam, .tga, .tif, .tiff, .wpg

Presentation: .dps, .dpt, .pot, .potx, .pps, .ppt, .pptm, .pptx

Spreadsheet: .csv, .et, .ett, .xls, .xlsx, .xlt

• While Google file formats (Docs, Sheets, and Slides) aren’t supported in their native format, these file types can be uploaded by connecting a Google Drive cloud storage account to DocuSign. DocuSign’s cloud storage option enables these files to be added to a document.

• The DocuSign Print Driver is a tool that allows a user to “print” his or her document directly into a new DocuSign envelope from the application that creates/opens it. The print driver applies a PDF conversion process to the document that may resolve issues with loading certain documents.

• DocuSign also has software integrations with form providers that allow documents to be routed directly to DocuSign, fully tabbed and ready for signature.

4. Limitations of the service’s ability to support valid transactions are disclosed.

DocuSign publishes a Subscription Service Specification on its public website that’s periodically updated and describes the DocuSign service, minimum system and software requirements, enabled security settings, supported browsers, and mobile requirements.

To ensure success in DTM, it’s critical that DTM providers leverage the right combination of technology, processes, and policies to deliver a solution that recognizes and addresses a comprehensive range of customer needs.

DocuSign’s xDTM certification provides a verifiable level of assurance for our customers, and we’re pleased to provide detail and transparency regarding the practices DocuSign employs to ensure quality in digital transactions.

We hope you find this information helpful in answering your questions. If you need further information, please contact your sales representative with any additional requests.