Digital signatures are valid and legally binding around the world. SIGNiX provides industry-leading digital signature enforceability and is compliant with a variety of laws and regulations. SIGNiX also values user, client and partner data confidentiality and implements security procedures and policies to maintain industry-leading controls on our software and services. For companies who value legal enforceability, SIGNiX provides unique advantages to lower your risk versus other electronic signature providers.


Digital Signature Compliance

SIGNiX technology is compliant with ESIGN, UETA, FINRA/SEC, National Institute of Standards and Technology Digital Signature Standards, ISO 32000-1 (PDF), ETSI PDF Digital Signature standards (PAdES), Title 21 CFR Part 11, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the IRS's IVES Electronic Signature Requirements, and the US Department of Education's 34 CFR 99.30. In addition, SIGNiX's hosting provider holds global security certifications and compliance verifications for Service Organization Controls SOC 2 Type II and SOC 3, as well as ISO 27001.

 

Digital Signature Service Trust and Security

SIGNiX has been trusted by clients for hundreds of millions of signatures over the many years it’s been in business, and at the center of that is a commitment to keeping customer data safe and employing best practices to be sure our processes, people and services maintain those high standards.

Data Encryption / Protection

All data is encrypted at rest and in transit with at least 256-bit encryption, with TLS 1.2 ciphers required. Private keys used for SIGNiX digital signatures are maintained in FIPS 140-2 Level 2-compliant hardware security modules (HSMs). All customer data is subject to, and classified by, a detailed Data Management & Security policy as well as our Privacy Policy.

Application & Network

SIGNiX systems are regularly scanned for vulnerabilities, and the SIGNiX application and API are subjected to penetration tests by industry experts annually. Intrusion detection systems are deployed to monitor for network attacks, and the SIGNiX network is protected by segmented, high availability firewalls. In addition, sophisticated anti-malware and endpoint security solutions are deployed on employee computing devices as well as production servers. SIGNiX software follows a detailed software development lifecycle (SDLC), change control and quality assurance process to ensure software quality and stability.

Personnel

All SIGNiX employees are continually trained and tested on security awareness and on their data security obligations to our clients and stakeholders. Multifactor authentication and secure remote access technologies are required for SIGNiX employees who access internal systems. Background checks and strict confidentiality agreements are required for all SIGNiX employees.

Infrastructure

SIGNiX is currently hosted at Rackspace, a leading data center and managed service provider. As mentioned above, Rackspace holds global security certifications and compliance verifications for Service Organization Controls SOC 2 Type II and SOC 3, as well as ISO 27001.

Vendor Management

A comprehensive third-party management program ensures that critical third parties that provide services to SIGNiX also maintain a good security posture.

 

Best Digital Signature Enforceability

It isn't enough to meet the minimum requirements of the ESIGN Act and UETA. These laws simply say that e-signature is a legal way to sign documents. What really matters is whether you're able to prove who signed your documents. That's why we ensure the highest levels of enforceability—even more than you'd get with a pen and paper. 

Each SIGNiX digital signature (whether a signature or an initial) is cryptographically embedded directly into the PDF document per ISO 32000-1 and RSA standards. With each signature and initial, (1) the document is protected and made tamper-evident against any change and (2) a relying party can click on it to view metadata around the signature, including IP address, browser and transaction ID. In fact, at every signature or initial, the relying party can click on the signature to view the document as it was recorded at the time of signing, all offline and built right into the document.

In addition to the information above, each SIGNiX transaction includes a highly detailed audit trail. In TotalAudit™, a signature process can be carefully analyzed, signature by signature, document by document, and event by event. This audit trail traces every single event from the initiation of the transaction to its final steps, capturing key legal points (such as disclosure/consent) and events along the way. SIGNiX maintains information for each signature and initial. This audit trail can be downloaded by relying parties manually as well as automatically via CC and API calls. The audit trail is protected against tampering with its own digital signature / tamper-proof seal.

Information captured includes but is not limited to: signer information (name, email, authentication, consent date/time, IP address of each access to system, browser used), date/time of each signature, cryptographic information for each signature (fingerprint/hash of document before & after signing, digital certificate information), the content of each and every email notification sent by system to signers/submitter, opt-outs (reasons), and transaction cancellation/expiry/completion.

 

Internationally Valid

SIGNiX meets digital signature standards around the world. We proactively work with legislative bodies around the world to establish digital signature legislation and policy. SIGNiX’s advanced digital signatures are legal and enforceable in the European Union and around the world.

 

Signer Identification Options

SIGNiX offers a variety of ways to prove the identity of your signers. From a simple email or text message to more advanced methods, you can customize the identity authentication options for each of your signers every time a document is signed.