The failure to adhere to information security standards is a risk no company should ever take. It may result in a range of costly penalties from civil fines to prosecution in criminal court. In some of the most extreme cases, the officers of a company that is non-compliant may even face prison time. At HelloSign we understand the serious ramifications of non-compliance and have diligently built processes to make our service compliant with the standards which may govern your business.
Please contact us (via email: compliance-reports@hellosign.com) for access to our policies, procedures, audits, and assessments. Additionally, you can obtain a copy of our information security whitepaper here.
HelloSign is compliant with the following:
- SOC 2 Type II
- ISO 27001
- ISO 27018
- Our HelloSign and HelloWorks products are HIPAA compliant
- The U.S. ESIGN Act of 2000
- The Uniform Electronic Transactions Act (UETA) of 1999
- The eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), which replaces the former European EC/1999/93 Directive
Here’s a list of some of the many procedures we’ve put in place to meet compliance standards:
- Information Security Policy
- Acceptable Use Policy
- Code of Conduct
- Background checks for all employees
- Endpoint encryption for all company owned/issued devices
- Release Management Procedure
- Change Management Procedure
- Release Notes
- Access Provisioning, Termination, and User Access Review Procedure
- Incident Response Plan
- Business Continuity and Disaster Recovery Plan
- Penetration Testing Program
- Bug Bounty Program
- Breach Notification Policy