SignWell is compliant with the strictest electronic signature laws:
a) EU Electronic Identification and Authentication Services Regulation (910/2014/EC), commonly referred to as eIDAS, which took effect on July 1, 2016, and replaced both the EU Directive on Electronic Signatures 1999/93/EC and other EU member state laws that were inconsistent with eIDAS;
(b) Electronic signatures in the Global and National Commerce Act, which is commonly known as the ESIGN Act of 2000 (US law); and
(c) The Uniform Electronic Transactions Act, also known as the UETA of 1999 (US law).
SOC 2 Compliance
SignWell is SOC 2, Type 2 (Security, Availability, and Confidentiality) compliant.
Please contact [email protected] to request SignWell's most recent SOC 2 report.
What is SOC 2, and why is it important?
Systems and Organizations Controls (SOC) is an audit methodology and reporting framework developed by the American Institutes of Certified Public Accountants (AICPA). The requirements for security, availability, and confidentiality are detailed in the Trusted Services Criteria document by AICPA.
To become compliant and achieve certification by an independent, third-party security-specialized CPA company, SignWell’s technical solutions, safeguards, and procedures have been audited.
While security and protecting our customers’ data are always our focus, during the rigorous audit, SignWell has provided evidence of its implemented security solutions and data protection methodology, demonstrating our commitment to providing a reliable and secure electronic signature platform.
SignWell is HIPAA compliant.
What is HIPAA, and why is it important?
The Health Insurance Portability and Accountability Act is a law of the US government that sets rules and requirements for the management and protection of health-related personal information, often called personal health information (PHI) or electronic personal health information (ePHI).
SignWell has implemented the safeguards required by the law and has been audited by a third-party, checking our compliance with the requirements, and the effectiveness of the implemented controls and procedures. SignWell has met or exceeded requirements related HIPAA compliance.
SignWell is GDPR compliant.
General Data Protection Regulations is an EU law that is relevant to everyone living in the EU or managing the data of persons from the EU. The law sets out the principles for companies such as SignWell on how to handle the personal data of the users, and it requires the protection of personal data.
SignWell has implemented these requirements and is compliant with all the principles of the GDPR. To learn how we use your data to provide services for you and your rights as an EU user regarding your personal data, please review the details on our privacy page: https://www.SignWell.com/privacy/
Network and System Security
The SignWell system is well protected, with best-practice security solutions implemented. When you are using our services—for example, logging in to the website and accessing documents—the connection between your computer and SignWell servers is encrypted using Transport Layer Security (TLS) Version 1.2.
Your data are also encrypted when stored using the AES-256 encryption standard, which is used by the US government to protect confidential information.
We are continuously updating our servers and systems with the latest security updates, and the effectiveness of these updates is validated regularly. The SignWell network environment is monitored, and each network connection is checked for malicious activities (an intrusion detection system).
Our systems and services are placed in AWS data centers using AWS services. AWS data centers provide high-level security, including remote locations, guards protecting the area and buildings, redundant power supply lines, redundant internet connections, and automated fire suppression systems.
Both AWS data centers and services are certified by independent auditors according to ISO 27001 (information security management system), ISO 27017 (information security management systems in the cloud), ISO 27018 (information privacy in the cloud), SOC 2, and HIPAA requirements, meaning that systems operate on certified secure services.
SignWell is running on AWS services using high-availability and fault-resistant solutions. Our systems are running at multiple physical locations (so-called availability zones) at the same time, ensuring that, if one of the zone services is interrupted (a highly unlikely event), the other zone continues to operate and provide services.
SignWell has created a disaster recovery plan and a business continuity plan describing step-by-step how to ensure continuous operation. We regularly test scenarios and constantly enhance our methodologies to ensure that our services are available to you. Our operation team regularly monitors the services and operational KPIs to provide you with the highest availability possible.
SignWell is committed to protecting your data and providing a secure service to you. Additionally, using high-availability servers and encryption at transit and rest, we restrict the who, how, and when of access to production environments.
Employee background checks are carried out according to the local laws. We train all employees about security and privacy principles, as well as how to implement them within our environments.
Access to customer data is limited to employees who need to access it and when they need to access it (for example, troubleshooting). All access and activity is logged and monitored. User accounts and access levels are reviewed regularly.
All systems in the production environment are configured to provide the highest level of security. To ensure this, we use security checks and automated update tools.