Security of E-Sign's Electronic Signature

E-Sign Infrastructure

At E-Sign, security and privacy are at the heart of everything we do. With both the latest cyber and physical security measures in place, you can be sure your data and network are protected with E-Sign.

Operating from UK-based, ISO 27001-certified data centres, our state-of-the-art servers are protected with commercial-grade firewalls, border routers, and network management systems, as well as 24-hour on-site security and strict physical access controls.

Compliant with industry- recognised standards, you can rest assured that our security system will protect your data from loss, damage and cyberthreats.

Operations and Networks

Our IT security team monitors the E-Sign network, providing assurances for all staff to focus their efforts on other objectives. We have implemented the latest security tools throughout our systems, which focus on any particularly high-value or high-risk integrations and touchpoints. 

• Logical access management system. 
• Denial of Service (DDoS) mitigation.
• Our systems operate under a continual program of review and response to alerts to ensure they are secure and safe from potential threats. 
• Intrusion detection and prevention systems. 
• Anti-malware software integration that automatically alerts E-Sign’s cyber incident response team if potentially harmful code is detected. 
• Annual Business Continuity Planning (BCP) and Disaster Recovery (DR) testing in place. 

Access Control and Compliance

Our access control and compliance policy ensures your data is never compromised. At E-Sign, we leave nothing to chance; we’re constantly testing and improving our security system for the ultimate protection.  

• Vulnerability testing by third parties. 
• SSL encryption, meaning your data is protected and safe from hackers.
• Malware protection.
• Digital audit trail and Certificate of Completion.
• Annual UK Government approved Third-party penetration testing.
• Code reviews.

Encryption and Validation

• Subscriber data encrypted in accordance with industry best-practice standards.
• Access and transfer of data to/from E-Sign via HTTPS.
• We operate with server-side encryption (SSE), for data encryption.
• All interactions within the E-Sign platform and website are 100% secure via 256bit.
• Anti-tampering controls.
• Signature verification of signing events.
• Unalterable, systematic capture of signing data.
• Digital certificate technology.

E-Sign’s Assurance

• Confidentiality– At E-Sign, we understand that confidentiality is essential. Our security policy includes data encryption as standard, so you can be sure your data is in good hands.  
• Integrity– Our security capabilities protect the integrity of your digital services for peace of mind that our E-Sign solutions will strengthen your cybersecurity, and never compromise it.  
• Availability– Our stringent security measures ensure your data is protected from cybercriminals, and always available and accessible when you need it.  
• Authentication– With two factor authentication and ID verification, we ensure we verify the identity of both users and document signers before they can access sensitive data.  

IS027001 Certified

ISO 27001 is the international standard that lays out the specifications for implementing an information security management system (ISMS).

E-Sign first obtained its IS027001 certification for electronic signature and document management in 2014 and has been re-certified every year since.

E-Sign has created an ISO 27001 compliant information security management system which is maintained and improved annually.

THE ISMS is audited on an annual basis by an external UKAS accredited certification body.

Cyber Essentials Certified

Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). It encourages organisations to adopt good practice in information security.

Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.

It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME), and the British Standards Institution (BSI), and it is endorsed by the UK Government. It was launched in 2014 by the Department for Business, Innovation and Skills. 

Trusted Digital Signature Provider on the Public Service Network

E-Sign is the only electronic signature provider trusted on the Public Service Network. The PSN is the UK Government’s high-performance network, which enables public sector organisations to work together, reduce duplication and share resources.

Government organisations and health trusts access the PSN for secure and trusted digital services, that meet strict regulatory requirements and provide assurance that the service they access has the highest security standards, is exceptionally reliable, and can address issues within a rapid timeframe.

With the rapidly growing digitisation of document management and cloud-based solutions, the need for trustworthy providers has never been more important. The E-Sign document management and electronic signature solution provides businesses with improved efficiencies and major cost savings, creating enhanced advantages over competitors.

ITHC Approved

An ITHC, or IT Health Check, is an IT security assessment that’s part of the compliance process for many government computer systems in the UK. 

Generally performed by an external service provider, an ITHC touches on both applications and infrastructure and involves an element of penetration testing. 

This accreditation is essential for any company wishing to supply services to public sector organisations via the Public Service Network.

By meeting these requirements and more, E-Sign is able to supply our digital solutions on the PSN, making us the only e-signature on the market with the ability to do so.