EasySend eSignature Compliance
The following article describes EasySend’s eSignature compliance.
Electronic signatures are a major part of EasySend's offering. By leveraging a legally binding, secure eSignature, EasySend can streamline customer-facing processes that would otherwise take weeks to complete.
The following sections describe EasySend's compliance standards.
Company - SOC 2 Type 2 and ISO 27001
EasySend maintains SOC 2 Type 2 and ISO 27001 certifications for information security, which assure that the company's systems and controls meet industry standards for security and privacy:
- SOC 2 Type 2 and ISO 27001 are both widely recognized standards for information security and privacy. SOC 2 Type 2 is an auditing standard that focuses on a company's controls related to security, availability, processing integrity, confidentiality, and privacy. It is intended to ensure that a company's systems and controls meet industry standards and protect sensitive customer data. EasySend undergoes an annual SOC 2 Type 2 Audit performed by Ernst and Young.
- ISO 27001 is an international standard that outlines a framework for managing sensitive information, including customer data. It provides a systematic approach to managing sensitive information, including risk assessment, security controls, and regular monitoring and testing. EasySend undergoes an annual audit for its ISO 27001 certification by the Israeli Institute of Standards (a certified partner of the IQNet International Certification Network, accredited by ANAB - ANSI National Accreditation Board, and the IAF).
- Both SOC 2 Type 2 and ISO 27001 are robust standards, and when a company is compliant with them, it indicates that they have implemented a comprehensive set of controls to protect sensitive data and maintain the confidentiality, integrity, and availability of their information. Compliance with these standards assures customers that the company has implemented robust security measures to protect their sensitive data.
EasySend's eSignature service embeds globally recognized digital certificate services such as the Adobe Approved Trust List (AATL), enabling our compliance with several eSignature laws and regulations such as:
- The Electronic Signatures in Global and National Commerce (ESIGN) Act
- The Uniform Electronic Transactions Act (UETA)
- The European Union's Electronic Identification and Trust Services (eIDAS) Regulation
- The Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processor (PRP) system
These laws and regulations provide legal recognition for electronic signatures and transactions, ensuring that EasySend's eSignatures are legally binding and enforceable.
(See Figure 1)
The Adobe Approved Trust List (AATL) enables users to sign documents in Adobe Document Cloud solutions using digital signing certificates that are trusted globally. The Certificate Authorities (CAs) and Trust Service Providers (TSPs) issue digital signing certificates and timestamp services. The certificates and timestamp services comply with global legal and regulatory requirements. Adobe’s digital signatures also work with every accredited provider offering qualified trust services listed in the European Union Trust List (EUTL).
Figure 1: AATL
General Data Protection Regulation (GDPR)
EasySend has been GDPR compliant since May 25, 2018. The GDPR replaces the 1995 EU data protection directive and is designed to harmonize data protection laws across the EU, protect the privacy of EU citizens, and give individuals more control over their personal data.
The regulation applies to all organizations that process the personal data of individuals in the EU, regardless of where the organization is located. The GDPR sets out strict rules for how personal data must be collected, processed, and stored, and gives individuals the right to access their personal data, the right to have it erased, and the right to restrict its processing.
Health Insurance Portability and Accountability Act (HIPAA)
EasySend is compliant with HIPAA, which is a federal law of the United States that was enacted in 1996. The main purpose of HIPAA is to protect the privacy and security of individuals' health information (known as Protected Health Information (PHI)) and to ensure the secure exchange of electronic health information.
HIPAA applies to health plans, healthcare clearinghouses, and healthcare providers who transmit health information in electronic form. HIPAA requires entities covered by the law (known as "covered entities") to implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI.
Covered entities must also comply with specific requirements related to the use and disclosure of PHI, and they must provide individuals with access to their PHI upon request.
EasySend's eSignature service includes an Audit Trail feature that allows users to track and view the activity related to a specific document.
The Audit Trail provides a detailed record of all the events that have occurred during the signing process, including the date and time of each event, the name of the person who performed the action, and the IP address used. This feature allows users to see who has signed a document, when they signed it, and what actions they took during the signing process.
The Audit Trail also allows users to view the version history of a document, including any changes that were made to the document before it was sent for signing. This allows users to see who made the changes and when they were made, providing transparency and accountability throughout the signing process.
The Audit Trail capabilities of EasySend provide a complete record of all the activities associated with a document, which can be helpful for compliance and legal purposes, as well as for tracking the progress of a document through a business process.
Data Security and Privacy
EasySend was designed to comply with the complex requirements of financial institutions, insurance companies, government agencies, and enterprise organizations. We understand your data is your most valuable asset, and your customers’ privacy is your highest priority. This is the reason we uphold the highest standards for data protection.
Every piece of personal/sensitive data in EasySend is encrypted, both at rest and in transit. In addition, sensitive data fields get an additional layer of encryption at the application level. This unique offering ensures that data residing in a persistent data store can only be used together with an additional key held outside that store.
While this approach introduces major engineering challenges, we have decided to adhere to this high standard to ensure your data is always safe with EasySend.
Every piece of data used in the platform is always assigned an expiry date. By design, EasySend acts as a data intake tool, not as a replacement for storing your data in your existing organizational systems (Core System, CRM).
This ensures we only hold a very limited number of data points at any given point in time, which reduces the exposure to many attack vectors.
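The following Go sketch is an added illustration of the two points above, not EasySend's own code (its implementation is not described here): a sensitive field is encrypted at the application level under a key that is never stored beside the data, and every record carries an expiry that is enforced before any decryption. The names (Record, Seal, Open), the AES-256-GCM choice and the use of the expiry as associated data are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"time"
)

// Record is all the persistent store keeps for one sensitive field: ciphertext
// and expiry. The field key lives outside the store (for example in a KMS).
type Record struct {
	Nonce, Ciphertext []byte
	ExpiresAt         time.Time
}

// A fixed 32-byte key selects AES-256, so neither constructor can fail here.
func gcmFor(key *[32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// The expiry is AEAD associated data: editing it in the store breaks the tag.
func aad(exp time.Time) []byte { return []byte(exp.UTC().Format(time.RFC3339Nano)) }

// Seal encrypts one field under the external key and binds an expiry to it.
func Seal(key *[32]byte, plaintext string, ttl time.Duration, now time.Time) (Record, error) {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	exp := now.Add(ttl).UTC()
	ct := gcm.Seal(nil, nonce, []byte(plaintext), aad(exp))
	return Record{Nonce: nonce, Ciphertext: ct, ExpiresAt: exp}, nil
}

// Open enforces the expiry before using the key, so an expired record is never decrypted.
func Open(key *[32]byte, r Record, now time.Time) (string, error) {
	if !now.Before(r.ExpiresAt) {
		return "", errors.New("record expired")
	}
	pt, err := gcmFor(key).Open(nil, r.Nonce, r.Ciphertext, aad(r.ExpiresAt))
	if err != nil {
		return "", errors.New("wrong key or tampered record")
	}
	return string(pt), nil
}
```

Storage-level encryption still applies underneath; this layer is what makes a copy of the data store alone useless without the external key.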
Data Separation - EasySend Shield
Our highest protection tier “EasySend Shield” ensures complete machine separation of your production environment. That means that your production workloads will run on dedicated servers and databases that are allocated specifically for you.
In this tier, your application server containers scale the underlying infrastructure automatically, spinning up new virtual machines for you when your current workload requires it.