In the age of digital transformation, companies are scrambling to find a balance between providing delightful transactions for users and maintaining strong legal and security measures should those transactions ever become the subject of a court case.
By outsourcing eSignature collection to a software platform that provides the bank-level security, detailed audit trails, thorough authentication, and diligent compliance protocols we’ll explore today; organizations will be able to maximize the legality and security of their online transactions without putting the burden of exhausting, complex workflows on their customers or employees.
Are eSignatures Really Legal?
Let’s start with the basics—documents signed electronically have the same legal protections as those signed with a good ol’ pen.
Much of this is thanks to the Electronic Signatures in Global and National Commerce (E-SIGN) Act, which was enacted in the U.S. in 2000. The E-SIGN Act basically says that agreements, contracts, transactions, and other documents that are signed electronically shouldn’t be denied legality just because they don’t exist on paper.
To learn more about eSignature legality, be sure to visit HelloSign’s Trust Center.
4 Ways to Maximum Legality and Security Using eSignature Software
Whether you choose to build your own eSignature platform (you must have an impressive tech team!) or partner with a provider that specializes in eSignature software (BTW, HelloSign has been named the easiest eSignature tool to implement for several years in a row), it’s critical that you use a solution with strong legality and security measures to protect your most valuable clients and transactions.
Bank-level security is a vital element for eSignature software as it assures that the data gathered from audit trails and authentication (both of which we’ll explore in this piece) is trustworthy.
In addition, should an eSignature or digital document come under legal scrutiny, these bank-level security protocols will make sure it stands up in court.
That’s why we come out of the gate strong on security. At HelloSign, all your communications are safeguarded by Secure Sockets Layer (SSL) encryption. Each document is stored behind a firewall and authenticated against the sender’s session every time it’s requested. Documents are also encrypted with a unique key—each of which is in turn encrypted with a regularly rotated master key. So even if someone were able to bypass physical security, they still wouldn’t be able to decrypt your data.
Speaking of physical security, we store our data in a SOC 1 Type II, SOC 2 Type I, and ISO 27001 certified data center. Access to the data center is strictly controlled by security staff equipped with video surveillance, multi-step authentication, and state-of-the-art intrusion detection systems.
Detailed Audit Trails
Audit trails ensure that every action on an electronic document is thoroughly tracked and time-stamped so you can tell if it was ever modified or tampered with without your knowledge.
HelloSign creates a comprehensive, non-editable transaction trail between signing parties to make sure every eSignature and digital document has a court-admissible audit trail.
To provide you with a transaction history, we track and timestamp various information—including IP and UserAgent info—from the moment the document is submitted for signature to when it is signed and completed. To help ensure that any tampering of your transaction log is detectable, we process each transaction with hashing technology. This provides a “copy” of every version of the document which you can use for comparison should a questionable version ever come to light.
These are all the events HelloSign’s eSignature software tracks to create detailed audit trails:
Combine detailed audit trails with authentication that the signers were all who they said they were (which we’ll discuss next!) and bank-level security and you’re prepared to provide defensible proof of every time someone accessed, reviewed, and signed a document.
To maximize legality and security, it’s important that your eSignature platform takes major steps toward verifying that a user is who they say they are before they’re allowed to execute a signature or even access a document.
Most commonly, capturing their IP address and proving a person had access to a specific email account and/or phone number is enough to connect them to the computer and software that was used when the eSignature was created.
When using HelloSign, any person signing a document must either have login information for HelloSign or have received a request for signature via email. To ensure no one is able to access a HelloSign user account without permission to sign or send documents fraudulently, all user information including usernames and passwords are 256-bit SSL encrypted. We also seek to prevent others from accessing or using your account by timing-out sessions and emailing you every time a contract is sent to, received by, or signed by your account.
In addition, we allow users to set up two-factor authentication which requires the entry of a unique code sent to a mobile device along with their username and password. Users can also enable a 4 to 12 digit code that signers must enter to view or sign a document. All of the authentication data that a user provides to HelloSign is encrypted and passwords are hashed and salted with an adaptive hashing algorithm.
Diligent Compliance Measures
Failing to adhere to pertinent compliance regulations can result in repercussions ranging from costly fines to prosecution and even jail time. Why risk the security—or the revenue and the future—of your business on less-than-diligent information security standards?
At HelloSign, we protect our clients from the serious ramifications of compliance by building in processes that make sure our eSignature platform complies with the standards that govern your business.
HelloSign is compliant with:
- SOC 2 Type I
- The U.S. E-SIGN act of 2000
- The Uniform Electronic Transactions Act (EUTA) of 1999
- The new eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), which replaces the former European EC/1999/93 Directive
- Privacy Shield
- General Data Protection Regulation (GDPR)
In addition, here are just some of the many procedures we’ve put into place to meet compliance standards no matter your industry or the size of your business:
- Information Security Policy
- Acceptable Use Policy
- Code of Conduct
- Background checks for all employees
- Endpoint encryption for all company-owned and/or -issued devices
- Release Management Procedure
- Change Management Procedure
- Release notes
- Access Provisioning, Termination, and User Access Review Procedure
- Incident Response Plan
- Business Continuity and Disaster Recovery Plan
- Penetration Testing Program
- Bug Bounty Program
- Breach Notification Policy
- Security and Risk Management Committee
Get in touch and we’ll help you determine if HelloSign is the right eSignature platform for your security and legality needs.
Balance Legality, Security, and User Experience with HelloSign
At HelloSign, we’re dedicated to helping organizations discover an eSignature solution that provides ease-of-use and exceptional security. Usability is important to your customers—but taking careful security, audit, authentication, and compliance measures is important to you and the legality of the business you conduct online.
The good news is, you don’t have to choose between usability, security, or legality anymore. Balance a delightful user experience with extra-strength legal and security features when you team up with HelloSign—a powerful, award-winning platform that caters to everyone from small businesses to enterprise organizations.