HelloSign Trust Center

The failure to adhere to information security standards is a risk no company should ever take. It can result in a range of costly penalties from civil fines to prosecution in criminal court. In some of the most extreme cases, the officers of a company that is non-compliant can face jail time. We at HelloSign understand the serious ramifications of compliance and have diligently built processes to make our service compliant with the standards which govern your business.

‍

HelloSign is compliant with the following:

• SOC 2 Type I
• HIPAA
• The U.S. ESIGN act of 2000
• The Uniform Electronic Transactions Act (EUTA) of 1999
• The new eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), which replaces the former European EC/1999/93 Directive
• Privacy Shield
• GDPR (General Data Protection Regulation)

‍

Here’s a list of some of the many procedures we’ve put in place to meet compliance standards:

• ‍Information Security Policy
• ‍Acceptable Use Policy
• ‍Code of Conduct
• ‍Background checks for all employees
• ‍Endpoint encryption for all company owned/issued devices
• ‍Release Management Procedure
• ‍Change Management Procedure
• ‍Release Notes
• ‍Access Provisioning, Termination, and User Access Review Procedure
• Incident Response Plan
• Business Continuity and Disaster Recovery Plan
• ‍Penetration Testing Program
• ‍Bug Bounty Program
• ‍Breach Notification Policy
• Security & Risk Management Committee