Compliance overview
Docusign compliance certifications





Meeting and exceeding standards worldwide
Docusign's top priority is the privacy and security of our customers' information, documents, and data. The compliance content on these pages explains how Docusign meets or exceeds national and international security standards, including strict security policies and practices that set the standard for world-class information security. We continually drive industry best practices in third-party audits and assessments.
Visit the eSignature service capabilities page to learn how eSignature can help organizations meet specific regulatory requirements.
Learn how data governance regulations and standards shape Docusign's security and privacy practices by reading the Data Governance White Paper.
Highlights of Docusign’s approach
Docusign’s data governance standards, policies, and procedures are shaped by a wide range of factors, including:
Dedicated teams of subject matter experts across privacy, information security, physical security, internal audit, compliance, and supplier risk
A significant investment in maintaining globally recognized certifications and attestations, such as enterprise-wide ISO 27001:2022 certification, PCI-DSS, and SOC 1 Type 2 and SOC 2 Type 2 reports
Continuous monitoring of the security and privacy landscape to ensure our approach remains in step and complies with the latest state, federal, and international compliance requirements
Adherence to industry regulations, such as 21 CFR Part 11, Annex 11 (EU), HIPAA, and Sarbanes-Oxley
Customer contractual agreements that provide assurance for data privacy and security