Security of E-Sign's Electronic Signature

E-Sign’s priority is to make your experience safe and secure. We ensure you have the information you need to feel comfortable transacting business online. We are the only electronic signature provider authorised on the UK Governments secure Public Service Network

Try Us Free
Resources for Security around eSignatures

Trusted By

Walgreens Boots Logo
UK Fuels Logo
Somerset Logo
Peterborough City Council Logo
NHS Logo
NFU Mutual
Multivac Logo
Mid Devon Logo
University Hospitals of Leicester
NCHA Logo
Hart District Council Logo
Wanderlands Company Logo
Sureserve Company Logo
Indigo Company Logo
Green Commute InitiativeI Company Logo
Energy Platform as a Service Logo
Walgreens Boots Logo
UK Fuels Logo
Somerset Logo
Peterborough City Council Logo
NHS Logo
NFU Mutual
Multivac Logo
Mid Devon Logo
University Hospitals of Leicester
NCHA Logo
Hart District Council Logo
Wanderlands Company Logo
Sureserve Company Logo
Indigo Company Logo
Green Commute InitiativeI Company Logo
Energy Platform as a Service Logo

E-Sign Information Security & Data Protection

Due to an increasingly interconnected environment, information is exposed to a larger and wider variety of risks. With continuous threats such as computer viruses, Trojan horses, Denial-of-Service (DoS) Attacks and Phishing becoming more common, ambitious and sophisticated, it makes implementing, maintaining and updating information security in an organisation more of a challenge. However, here at E-Sign we have robust policies and procedures in place to protect a secure information infrastructure. We are ISO 27001 and Cyber essentials accredited, have been approved as an authorised supplier on the Government’s PSN and are ITHC compliant.

eSign Infrastructure

At eSign, security and privacy are at the heart of everything we do. With both the latest cyber and physical security measures in place, you can be sure your data and network are protected with eSign.

Operating from UK-based, ISO 27001-certified data centres, our state-of-the-art servers are protected with commercial-grade firewalls, border routers, and network management systems, as well as 24-hour on-site security and strict physical access controls.

Compliant with industry- recognised standards, you can rest assured that our security system will protect your data from loss, damage and cyberthreats.

eSign Infrastructure

Operations and Networks

Our IT security team monitors the E-Sign network, providing assurances for all staff to focus their efforts on other objectives. We have implemented the latest security tools throughout our systems, which focus on any particularly high-value or high-risk integrations and touchpoints. 

  • Logical access management system. 
  • Denial of Service (DDoS) mitigation.
  • Our systems operate under a continual program of review and response to alerts to ensure they are secure and safe from potential threats. 
  • Intrusion detection and prevention systems. 
  • Our state-of-the-art servers are protected with commercial-grade firewalls
  • Anti-malware software integration that automatically alerts E-Sign’s cyber incident response team if potentially harmful code is detected. 
  • Annual Business Continuity Planning (BCP) and Disaster Recovery (DR) testing in place. 
  • TLS 1.2
Operations Networks

Access Control and Compliance

Our access control and compliance policy ensures your data is never compromised. At E-Sign, we leave nothing to chance; we’re constantly testing and improving our security system for the ultimate protection.  

  • Vulnerability testing by third parties. 
  • SSL encryption, meaning your data is protected and safe from hackers.
  • Malware protection.
  • Digital audit trail and Certificate of Completion.
  • Annual UK Government approved Third-party penetration testing.
  • Code reviews.
eSign Access Control and Compliance

Encryption and Validation

  • Subscriber data encrypted in accordance with industry best-practice standards.
  • Access and transfer of data to/from E-Sign via HTTPS.
  • We operate with server-side encryption (SSE), for data encryption.
  • All interactions within the E-Sign platform and website are 100% secure via 256bit.
  • Anti-tampering controls.
  • Signature verification of signing events.
  • Unalterable, systematic capture of signing data.
  • Digital certificate technology.
eSign Encryption Validation

E-Sign’s Assurance

  • Confidentiality– At E-Sign, we understand that confidentiality is essentialOur security policy includes data encryption as standard, so you can be sure your data is in good hands.  
  • Integrity– Our security capabilities protect the integrity of your digital services for peace of mind that our E-Sign solutions will strengthen your cybersecurity, and never compromise it.  
  • Availability– Our stringent security measures ensure your data is protected from cybercriminals, and always available and accessible when you need it.  
  • Authentication– With two factor authentication and ID verification, we ensure we verify the identity of both users and document signers before they can access sensitive data 
  • Read our disaster recovery statement
eSign Assurances

E-Sign Incident Response

E-Sign’s trust and reputation are key, and as such, we take security incidents very seriously. Customer reporting of security threats and suspicious activity is especially effective, and you are an essential information security asset. Once we receive this information, we can assess and continue to produce the highest level of security protection, protecting you and ourselves against cybercrime.

Learn more
Incident Response

Physical and Logical Security

E-Sign provides 24/7 onsite security with stringent physical access controls that align with widely recognised industry standards, including ISO 27001 and Cyber Essentials Plus. We also deploy advanced security software and hardware to safeguard the physical integrity of E-Sign’s eSignature services, as well as the associated computer systems and networks that handle customer data.

This is managed through a centralised system that regulates access to the production environment using a global two-factor authentication process. The isolated production environment is secured by industry-leading network management systems, antivirus software, and malware detection tools. The antivirus software is integrated with automated processes that alert E-Sign’s cyber incident response team immediately upon detecting potentially harmful code.

Incident Response

E-Sign Third Party Risk Evaluation

One of the top priorities for many businesses is third party vendor risk management, which is completely understandable. So, what are the critical elements we need to consider from a third-party risk perspective? Classification and compliance would be considered front of the queue.

Learn more
E-Sign Third Party Risk Evaluation

E-Sign Product Security

Depending on the industry in which an organisation operates as well as the relevant legal and regulatory requirements, different organisations have different appetites for risk security. We at E-Sign are aware of this. Because of this, security is a top priority in the research, design, and development of all of our products, and they are all constructed with configurable security in mind.

Learn more
Product Security

IS027001 Certified

ISO 27001 is the international standard that lays out the specifications for implementing an information security management system (ISMS).

E-Sign first obtained its IS027001 certification for electronic signature and document management in 2014 and has been re-certified every year since.

E-Sign has created an ISO 27001 compliant information security management system which is maintained and improved annually.

THE ISMS is audited on an annual basis by an external UKAS accredited certification body.

Read more
ISO 27001 Certified

Cyber Essentials Certified

Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). It encourages organisations to adopt good practice in information security.

Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats coming from the internet.

It was developed in collaboration with industry partners, including the Information Security Forum (ISF), the Information Assurance for Small and Medium Enterprises Consortium (IASME), and the British Standards Institution (BSI), and it is endorsed by the UK Government. It was launched in 2014 by the Department for Business, Innovation and Skills. 

Read more
Cyber Essentials Plus Security

Trusted Digital Signature Provider on the Public Service Network

E-Sign is the only electronic signature provider trusted on the Public Service Network. The PSN is the UK Government’s high-performance network, which enables public sector organisations to work together, reduce duplication and share resources.

Government organisations and health trusts access the PSN for secure and trusted digital services, that meet strict regulatory requirements and provide assurance that the service they access has the highest security standards, is exceptionally reliable, and can address issues within a rapid timeframe.

With the rapidly growing digitisation of document management and cloud-based solutions, the need for trustworthy providers has never been more important. The E-Sign document management and electronic signature solution provides businesses with improved efficiencies and major cost savings, creating enhanced advantages over competitors.

View the PSN Approved List
Public Service Network for Security

Compliance process for many government computer systems in the UK

ITHC Approved

An ITHC, or IT Health Check, is an IT security assessment that’s part of the compliance process for many government computer systems in the UK. 

Generally performed by an external service provider, an ITHC touches on both applications and infrastructure and involves an element of penetration testing. 

This accreditation is essential for any company wishing to supply services to public sector organisations via the Public Service Network.

By meeting these requirements and more, E-Sign is able to supply our digital solutions on the PSN, making us the only e-signature on the market with the ability to do so.  

ITCH Approved

We take security and data protection legislation extremely seriously

Disaster Recovery Statement

We ensure data confidentiality, integrity and availability through a robust combination of policies, processes and independent evaluation. Data is hosted in and does not leave the UK.

Relevant accreditations include Crown Commercial Services (formerly G-Cloud) framework provider, PSN ISO/IEC 27001 Information Security Management, ISO 9001 Quality Management and Cyber Essentials.

The approach to our architecture affords us excellent resilience in the context of Business Continuity, Disaster Recovery (DR) and High Availability (HA). We have chosen two geographically separate locations to host our servers to maximise failover and load balance options. E-Sign follow the ISO/IEC 27001:2013 – Information Security Management standard.

Learn more
Disaster Recovery Statement

Support for Sender Policy Framework (SPF) record checking

To flag and quarantine malicious spam on mail servers, enable both Sender Policy Framework (SPF) lookup functionality and Domain-based Message Authentication, Reporting & Conformance (DMARC). The combination of these technologies helps protect against malware spam attacks. Learn more about SPF and DMARC. Check the status of your domain mailer servers here.

eSign Disaster Recovery Statement

Benefits of Using E-Sign

Increased Security
Selectable Password Strength

With the ability to select a customisable password for the E-Sign platform, you can be sure that all users set hard-to-break passwords that effectively protect your sensitive business information from prying eyes.

Two Factor Authentication
2FA for Password Resets

With two-factor authentication ensuring any password resets are legitimate, you can be sure that extra security measures are in place to protect your account from hackers.

ID Checker Services
Additional ID Verification

To ensure your signing process is protected from fraud, you can integrate eSign’s ID Checker to confirm the identity of your signers before they can access any business sensitive data.

Increased Efficiency
Password and SMS Protected Documents

To offer additional protection for your business information, you can enable SMS authentication and password protection for all documents, ensuring only authorised personnel can access the contents.

Digital Signature Certificate
Single Sign-on

Implement secure access control and provision new users for all of your corporate apps with Single Sign-On (SSO). SSO streamlines and secures user login by requiring a single password across all SSO-capable apps.

Advanced Audit Tracking
Digital Certificate & Advanced Audit Trail

Every completed document is supported by a digital certificate documenting the author, signers, devices used, IP addresses, time, and date stamps and an advanced audit trail to record your document transaction at every stage.

Try eSign FREE for 14 Days

Try the UK's leading electronic signature online document signing service free, no credit card required
Try Us Free
Try eSign Free Today

Accreditations & Awards

Crown Commerical Provider
Cyber Essentials Plus
ISO 9001 Quality Management
ISO 27001 Information Security Management
Information Commissioner's Office
2023 SME Committed Badge
digital-trasnformation-UK-winner
esign gdpr logo

Reviews & Security

Capterra User Reviews
G2 Crowd Reviews
Trustpilot Logo
Secure Trusted Commerce
Rapid SSL Logo
Select Language