Signority Security Overview

Applying the latest strategies, approaches, and techniques to our people, process, and technology

Our Customer Security Commitment

  • Your data always belongs to you. While entrusted to us, we will protect it with a high standard of due care that you expect.
  • We will use modern, standardized approaches to protect your information.
  • We will be transparent about how your data is managed and where your data is stored.
  • You can ask us questions about our security measures at any time.

Our Process

Security starts and ends with our talented team since ultimately security rests with people. Every Signority employee and contractor must be security cleared with the federal government security clearance program and/or have a police Level 2 – Criminal Record & Judicial Matters Check involving 13 different types of security checks.

All employees have specific security duties identified within their job descriptions and are measured on those during their annual performance reviews. All employees undertake comprehensive, mandatory security and privacy training every October during international cyber security awareness month (CSAM). They also receive additional security awareness training, undergo testing, and take additional specific security training courses related to their positions, throughout the year.

Implementing Security Frameworks

Signority uses the internationally adopted and gold standard National Institute of Science and Technology’s (NIST) Cyber Security Framework (CSF) as our baseline security framework. We also select, map, and embed security controls from other security frameworks such as ISO 27001/02 (security controls), ISO 27017 (cloud security), ISO 27018 (cloud data security) the Center for Internet Security (CIS), Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) and System and Organization Controls (SOC), among others.

We use DevSecOps (Development, Security, Operations) methods and practices to develop and maintain our software and operations. We also use the Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) approach to software development.

We maintain a Threat and Vulnerability Management (TVM) program to build systems securely from the onset, and to continually assess and remediate vulnerabilities and threats as they arise.

We believe in a ‘Zero Trust’ security model, using network granular network segmentation, micro application segmentation, strong identity and access management (IAM) and many other security controls.

The Signority eSignature Platform is operated within highly secure and resilient Amazon Web Services (AWS) clustered data centers within Canada. AWS maintains ISO 27001, ISO 27017, ISO 27018, HIPAA, SOC 1/ISAE 3402, SOC 2, SOC 3, CSA Star Level 1, 2 and 3, FISMA, DIACAP, and FedRAMP externally audited security certifications. We also leverage numerous AWS security services to provide enhanced security for our eSignature Platform.

Solution Security

Customers access Signority eSignature Platform services using strongly encrypted extended validation (EV) Transport Layer Security (TLS) certificates to encrypt the data in transit between users and the Signority eSignature Platform. We only allow the highest security TLS 1.2 and 1.3 password protocols, and do not allow weaker TLS or SSL nor do we allow the use of older, weaker browser versions or weak encryption algorithms.

We provide strong identity and access management (IAM) security controls and strongly suggest that our customers use second factors of authentication (2FA) to protect their accounts. We provide single sign-on (SSO) using Security Assertion Markup Language (SAML) to allow our customers to use their own identities with their own password dynamics, as well as their preferred methods of second-factor authentication.

While customer documents, including most personal information, is held within our Canadian data centers, we have partnered with sub-processors located in the USA to provide optional services, such as texting and email services, should our customers require them. We only provide our sub-processors with very limited, high level personal information, such as name, email address and mobile telephone number. Your core personal information and documents always remain in Canada.

For more info, refer to our security FAQ here: https://signority.com/trust/security/faq

To learn about our vulnerability reporting program, visit: https://signority.com/trust/vulnerability