Signeasy has long prided itself on creating a delightful customer experience; what our customers see and interact with should be intuitive, robust, and easy. But what about behind the scenes, when customers step away from their screens to attend to the rest of their business? Data privacy and security have also long been a cornerstone of the Signeasy ethos - and it’s why our customers can not only sign easy, but can rest easy, too.
Logging in and logging out
Raise your hand if “password” has ever been your password? Raise your other hand if “P@ssword” is how you cleverly “enhanced” that password. One of the keys to securing documents and data is strong password protection. Over the past few months, we have been encouraging existing customers to update passwords, and new customers to institute strong ones, in order to prevent unauthorized access. This even includes a meter to help assess a password’s strength.
Additionally, we have rolled out automatic session timeout to our web app. Now, even if your screen is physically accessible to others, your documents won’t be! Timeout does come with some flexibility, and allows users to set certain parameters, to ensure it conforms to their particular comfort level and work style.
User security extends beyond our customers, to their document recipients as well. You want to make sure that not only is your document being sent to the correct party for signature, but that only the correct party may open, view and sign it. Two-factor authentication, or 2FA, is the key.
When requesting a signature, enable 2FA by including the recipient’s mobile phone number in the request. When the recipient goes to open and sign the document, a code will be sent to that mobile number, and the recipient must enter that code to open the document. 2FA is fast becoming standard for digital businesses, and we felt it important to extend this protection to non-customer document recipients in order to close an important security loop.
After months of diligent work across many teams, Signeasy is proud to announce that it has achieved SOC 2 Type 1 compliance, and anticipates obtaining its Type 2 certificate in the near future. For those not entirely familiar with SOC 2, it involves an extensive, third-party audit of an organization's security, confidentiality, availability, processing integrity and/or privacy controls, based on their assurance of compliance with the AICPA's (American Institute of Certified Public Accountants) TSC (Trust Services Criteria).
A SOC 2 report is often the primary document that security departments rely upon to assess a vendor’s security risk. With our Type 1 compliance certificate, Signeasy can now demonstrate to its customers independent verification of just how seriously we take their security, and what we have done in order to protect it.
In the coming months, we expect to announce that we are SOC 2 Type 2 compliant. Type 2 compliance is a further assessment of how the processes evaluated during the Type 1 audit have held up over a longer period of time.
Time to rest easy
From a customer satisfaction perspective, user experience is only half the battle. Yes, we want users to think our product is great when using it. But we don’t want them to have to think about it at all when they aren’t. There’s nothing delightful about wondering if your data is safe or your documents secure. While this has always been of the utmost importance to Signeasy, the first half of this year has seen it rise to another level and we felt compelled to share that with all of you.