Security of E-Sign's Electronic Signature

E-Sign’s priority is to make your experience safe and secure. We ensure you have the information you need to feel comfortable transacting business online. We are the only electronic signature provider authorised on the UK Governments secure Public Service Network

E-Sign Information Security & Data Protection

Due to an increasingly interconnected environment, information is exposed to a larger and wider variety of risks. With continuous threats such as computer viruses, Trojan horses, Denial-of-Service (DoS) Attacks and Phishing becoming more common, ambitious and sophisticated, it makes implementing, maintaining and updating information security in an organisation more of a challenge.

However, here at E-Sign we have robust policies and procedures in place to protect a secure information infrastructure. We are ISO 27001 and Cyber essentials accredited, have been approved as an authorised supplier on the Government’s PSN and are ITHC compliant.

Security and Privacy of E-Sign’s Digital Signatures

E-Sign Infrastructure

At E-Sign, security and privacy are at the heart of everything we do. With both the latest cyber and physical security measures in place, you can be sure your data and network are protected with E-Sign.

Operating from UK-based, ISO 27001-certified data centres, our state-of-the-art servers are protected with commercial-grade firewalls, border routers, and network management systems, as well as 24-hour on-site security and strict physical access controls.

Compliant with industry- recognised standards, you can rest assured that our security system will protect your data from loss, damage and cyberthreats.

Operations and Networks

Our IT security team monitors the E-Sign network, providing assurances for all staff to focus their efforts on other objectives. We have implemented the latest security tools throughout our systems, which focus on any particularly high-value or high-risk integrations and touchpoints.

Logical access management system.
Denial of Service (DDoS) mitigation.
Our systems operate under a continual program of review and response to alerts to ensure they are secure and safe from potential threats.
Intrusion detection and prevention systems.
Anti-malware software integration that automatically alerts E-Sign’s cyber incident response team if potentially harmful code is detected.
Annual Business Continuity Planning (BCP) and Disaster Recovery (DR) testing in place.

Access Control and Compliance

Our access control and compliance policy ensures your data is never compromised. At E-Sign, we leave nothing to chance; we’re constantly testing and improving our security system for the ultimate protection.

Vulnerability testing by third parties.
SSL encryption, meaning your data is protected and safe from hackers.
Malware protection.
Digital audit trail and Certificate of Completion.
Annual UK Government approved Third-party penetration testing.
Code reviews.

Encryption and Validation

Subscriber data encrypted in accordance with industry best-practice standards.
Access and transfer of data to/from E-Sign via HTTPS.
We operate with server-side encryption (SSE), for data encryption.
All interactions within the E-Sign platform and website are 100% secure via 256bit.
Anti-tampering controls.
Signature verification of signing events.
Unalterable, systematic capture of signing data.
Digital certificate technology.

E-Sign’s Assurance

Confidentiality– At E-Sign, we understand that confidentiality is essential. Our security policy includes data encryption as standard, so you can be sure your data is in good hands.
Integrity– Our security capabilities protect the integrity of your digital services for peace of mind that our E-Sign solutions will strengthen your cybersecurity, and never compromise it.
Availability– Our stringent security measures ensure your data is protected from cybercriminals, and always available and accessible when you need it.
Authentication– With two factor authentication and ID verification, we ensure we verify the identity of both users and document signers before they can access sensitive data.
Read our disaster recovery statement

Accreditations

IS027001 Certified

ISO 27001 is the international standard that lays out the specifications for implementing an information security management system (ISMS).

E-Sign first obtained its IS027001 certification for electronic signature and document management in 2014 and has been re-certified every year since.

E-Sign has created an ISO 27001 compliant information security management system which is maintained and improved annually.

THE ISMS is audited on an annual basis by an external UKAS accredited certification body.

Cyber Essentials Certified

Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). It encourages organisations to adopt good practice in information security.

Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.

It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME), and the British Standards Institution (BSI), and it is endorsed by the UK Government. It was launched in 2014 by the Department for Business, Innovation and Skills.

Trusted Digital Signature Provider on the Public Service Network

E-Sign is the only electronic signature provider trusted on the Public Service Network. The PSN is the UK Government’s high-performance network, which enables public sector organisations to work together, reduce duplication and share resources.

Government organisations and health trusts access the PSN for secure and trusted digital services, that meet strict regulatory requirements and provide assurance that the service they access has the highest security standards, is exceptionally reliable, and can address issues within a rapid timeframe.

With the rapidly growing digitisation of document management and cloud-based solutions, the need for trustworthy providers has never been more important. The E-Sign document management and electronic signature solution provides businesses with improved efficiencies and major cost savings, creating enhanced advantages over competitors.

View the PSN Approved List

ITHC Approved

An ITHC, or IT Health Check, is an IT security assessment that’s part of the compliance process for many government computer systems in the UK.

Generally performed by an external service provider, an ITHC touches on both applications and infrastructure and involves an element of penetration testing.

This accreditation is essential for any company wishing to supply services to public sector organisations via the Public Service Network.

By meeting these requirements and more, E-Sign is able to supply our digital solutions on the PSN, making us the only e-signature on the market with the ability to do so.

Benefits of Using E-Sign

Selectable Password Strength

With the ability to select a customisable password for the E-Sign platform, you can be sure that all users set hard-to-break passwords that effectively protect your sensitive business information from prying eyes.

2FA for Password Resets

With two-factor authentication ensuring any password resets are legitimate, you can be sure that extra security measures are in place to protect your account from hackers.

Additional ID Verification

To ensure your signing process is protected from fraud, you can integrate E-Sign’s ID Checker to confirm the identity of your signers before they can access any business sensitive data.

Password and SMS Protected Documents

To offer additional protection for your business information, you can enable SMS authentication and password protection for all documents, ensuring only authorised personnel can access the contents.

Still want to know more about digital signatures

And how E-Sign can help your digital document’s workflow

Find out more