Securing Your Trust: Signority’s Compliance Journey

Securing Your Trust: Signority’s Compliance Journey

October 5th, 2023

Signority’s security & compliance principles guide how we deliver our products and services, enabling people to simply and securely access the digital world.

Secure Personnel

Child & Family Services encompass an array of responsibilities, from safeguarding children against harm to providing necessary support to families in crisis. Each interaction, whether it’s an initial intake, assessment, or even volunteer onboarding, requires multiple layers of documentation. Historically, this has meant paper forms, manual logging, and significant administrative overhead.

The Practical Benefits of Signority’s Digital Approach

Signority takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.

  • All Signority contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
  • Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
  • We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.
 

Secure Development

  • All development projects at Signority, including on-premises software products, support services, and our own Digital Identity Cloud offerings follow secure development lifecycle principles.
  • All development of new products, tools, and services, and major changes to existing ones, undergo a design review to ensure security requirements are incorporated into proposed development.
  • All team members that are regularly involved in any system development undergo annual secure development training in coding or scripting languages that they work with as well as any other relevant training.
  • Software development is conducted in line with OWASP Top 10 recommendations for web application security.
 

Secure Testing

Signority deploys third party penetration testing and vulnerability scanning of all production and Internet facing systems on a regular basis.

  • All new systems and services are scanned prior to being deployed to production.
  • We perform penetration testing both by internal security engineers and external penetration testing companies on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view of our products & environment from multiple perspectives.
  • We perform static and dynamic software application security testing of all code, including open source libraries, as part of our software development process.

Cloud Security

Signority Cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.

Signority Cloud leverages the native physical and network security features of the cloud service, and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.

  • All customer cloud environments and data are isolated using Signority’s patented isolation approach. Each customer environment is stored within a dedicated trust zone to prevent any accidental or malicious co-mingling.
  • All data is also encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches. Our entire platform is also continuously monitored by dedicated, highly trained Signority experts.
  • We separate each customer’s data and our own, utilizing unique encryption keys to ensure data is protected and isolated.
  • Client’s data protection complies with SOC 2 standards to encrypt data in transit and at rest, ensuring customer and company data and sensitive information is protected at all times.
  • We implement role-based access controls and the principles of least privileged access, and review revoke access as needed.

Compliance

Signority is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of Signority’s dedication to protecting our customers by regularly assessing and validating the protections and effective security practices Signority has in place.

Signority Acquires SOC 2, CSA Level 2, and HIPAA Compliance

Signority Acquires SOC 2, CSA Level 2, and HIPAA Compliance

October 3rd, 2023

Ontario, Canada, September 27, 2023 – Today, Signority celebrates achieving the SOC 2 Type II compliance, in line with the standards set by the American Institute of Certified Public Accountants (AICPA), commonly referred to as SSAE 18. With an unqualified opinion supporting this achievement, Signority underscores its dedication to enterprise-level security, ensuring the safety of customer data within its system.

Furthermore, Signority has earned the CSA Star compliance, adhering to the Cloud Security Alliance’s Security, Trust, Assurance, and Risk Registry benchmarks.

With a global footprint, Signority provides a cloud-secured digital signature solution. Our platform’s security and compliance credentials were meticulously audited by the reputed Prescient Assurance, known for their expertise in B2B and SaaS sector assessments. We extend our gratitude to Secureframe for their pivotal support in this journey.

Our SOC 2 Type II and CSA Star audit certifications offer a solid reassurance to our existing and future clientele about Signority’s steadfast commitment to maintaining superior standards in security and compliance.

If you ‘d like to acquire Signority’s attestation letter, please reach out to compliance@signority.com.

About Signority

Catering to a worldwide user base, Signority champions in providing leading-edge digital signature workflow solutions. We pride ourselves on ensuring legal compliance, efficiency, cost savings, and enhancing overall productivity for our clients.

Media Relations

Jane He
1.833.222.1088
mediarequests@signority.com

Digitizing Canadian Child & Family Services: Signority’s Impact

Canadian Child & Family Services:

A Digital Transformation

Canadian Child & Family Services:

A Digital Transformation

Digitizing Canadian Child & Family Services: Signority’s Impact

September 26th, 2023

Children represent the future, and families are the cornerstone of our society. In the heart of community resilience and strength lies Child & Family Services organizations. They play an indispensable role in ensuring the safety, health, and overall well-being of our most vulnerable members – our children. Yet, like many sectors with deeply embedded traditional processes, Child & Family Services have often been bound by paper-heavy methods, which can delay vital interventions and take crucial time away from direct service.

Signority: Transforming Child & Family Services with Digital Solutions

Child & Family Services encompass an array of responsibilities, from safeguarding children against harm to providing necessary support to families in crisis. Each interaction, whether it’s an initial intake, assessment, or even volunteer onboarding, requires multiple layers of documentation. Historically, this has meant paper forms, manual logging, and significant administrative overhead.

The Practical Benefits of Signority’s Digital Approach

Streamlined Consent Processes: Child & Family Services often require consent forms for various activities, including medical treatment, counseling, urgent response service plan (URS), and educational support. Signority’s digital signature solution simplifies the process of obtaining and managing these consents. Social workers can send consent forms electronically, and clients or guardians can sign them from anywhere, reducing delays and ensuring that necessary permissions are in place promptly.

Efficient Document Signing: Whether it’s agreements, service contracts, or parental consent forms, Signority enables Child & Family Services to send, receive, and sign documents quickly and securely. This efficiency is vital in situations where time-sensitive decisions must be made to protect the well-being of children and families.

Data Security: Signority hosts Canadian customer data exclusively within Canada. Our platform employs advanced encryption and security measures to safeguard sensitive information. Given that Child & Family Services handle confidential data daily, Signority’s robust security features, including masked tags for data security, guarantee that personal identifiable information (PII) remains confidential and fully compliant with data protection regulations.

Environmental & Cost Savings: By shifting away from paper-based processes, agencies can reduce their reliance on physical documents, saving money on printing, storage, and transportation. Additionally, this eco-friendly approach aligns with the broader societal trend towards sustainability.

Access from Anywhere: Signority’s cloud-based platform allows social workers and professionals to access necessary documents from anywhere with an internet connection. This accessibility ensures seamless service delivery, even when working remotely or in the field.

Efficient Onboarding: For Child & Family Services that rely on volunteers or need to conduct background checks, Signority’s digital signature solution streamlines the onboarding process. Volunteer applications and criminal record checks can be seamlessly integrated, ensuring that the agency has the right people on board quickly and safely.

Audit Trails for Accountability: Signority provides audit trails for every signed document, enhancing accountability and transparency within the organization. This feature is particularly valuable in cases where document validity and compliance are essential.

Faster Response Times: Digital signatures expedite the signing process. Social workers can get the necessary approvals in place swiftly, reducing response times and ensuring that children and families receive the support they need without unnecessary delays.

These benefits underscore how Signority’s digital signature solution is uniquely positioned to meet the needs of Child & Family Services by simplifying administrative tasks, ensuring data security, and enhancing efficiency in a sector where time and accuracy are critical for protecting vulnerable children and families.

Ultimately, the mission is clear. It’s not just about digitization for the sake of modernity. It’s about providing Child & Family Services with the platform they need to do their job more efficiently, so more time and resources can be allocated where they matter most: directly with children and their families.

By leveraging the power of Signority, Child & Family Services organizations can ensure that every child’s story is not just heard but also acted upon with the efficiency, care, and urgency it deserves.

Signority is proud to be a part of this transformative journey, offering solutions that make a tangible difference in the lives of many.

How Signority Secures Your Data

How Signority Secures Your Data

How Signority Secures Your Data

My last blog, Three Stages of Data; In Transit, At Rest, & In Use described each of the three data stages and touched on how each stage requires a different approach to security and privacy. Today we are going to talk about:

  1. when your data enters each of the three stages during the workflow, and
  2. how Signority secures your data. 
Three Stages of Data
Three Stages of Data

If you’ve used Signority you know that every document has a workflow.  The workflow begins at the creation of the document and ends when it’s been stored after it has been signed by all participants.

During the it’s workflow your document and any data related to it, enters all three stages of data at various times. Here is each of the data stages and when your document enters that stage during the workflow.

In Transit: Your information related to your document is in transit (or in motion) when:

  1. someone registers for a new account
  2. you send the email notifications to the signers that there is a document ready for signing, and,
  3. when the document has completed the workflow, meaning it has been signed by everyone, and a copy of the document is sent to each of the document participants (senders and recipients).

At Rest: All information related to the document and the document itself is at rest:

  1. when it is waiting for the next person in the workflow to sign the document
  2. it is stored on our servers once the workflow has been completed.

In Use: Your document and any related data, i.e.: the audit trail, are ‘in use’:

  1. when a recipient or user are editing the document by adding the required information and/or signatures
  2. the Signority platform is updating the audit trail with any actions, i.e.: signed, id verification, etc.

Signority starts our security process with our employees. All employees and sub-contractors must be security cleared with the federal government security clearance program. And they must complete a minimum amount of security and compliance training each year.

For In Transit and In Use data Signority eSignature Platform services using strongly encrypted extended validation (EV) Transport Layer Security (TLS) certificates to encrypt the data in transit between users and the Signority eSignature Platform. We only allow the highest security TLS 1.2 and 1.3 protocols, and do not allow weaker TLS or SSL.  The article linked above explains in detail what EV and TLS certificates are, what they do, and why we use them. 

If you would like to know our rating, here is the most current certificate for Signority at the time of this blog post.

We also do not allow the use of older browser versions. Older versions are not updated with the latest security features and updates to ensure a secure browsing connection.

Data at rest data at rest is encrypted by using state-of-the-art AWS encryption technology and we salt usernames & passwords. 

What is a ‘salted’ username and password?  A salted username and password is a process where they are converted through a ‘hashing algorithm’ into an unintelligible series of numbers and letters. You can read a more detailed breakdown here at Okta.com.

Plus, we offer masked tags for end users to encrypt their sensitive information on documents.

If you are not a technical person, think of it this way:

  1. Your information is locked in a box that requires a key.
  2. That key is locked in another box that requires another key to open it.
  3. And that box, with your box, is in a box that is password protected. 

So your data is guarded with multiple layers of protection ensuring your data is secure and private.

If you would like to know more about how Signority protects customers data and privacy I encourage you to go to our Trust Centre. In Signority’s Trust Centre you can review our approach to Security, Privacy, Compliance, and Legislation (Legal).

Have questions? 

Contact us by:

  • calling at 833-222-1088,
  • using the chat icon on the bottom right of your screen,
  • or through our contact form.

Look for my next blog, ‘What is Data Residency? And Does it Matter?