Putting the SOC on e-SignLive - Secure e-Signatures For Business

Christian Vezina, August 18, 2014

As the Director of IT & Security, it is my job to uphold eSignLive by VASCO’ guarantee of customer security.  eSignLive is trusted by some of the most security-conscious organizations in the world including the United States Joint Chiefs of Staff, the entire US Army, 8 of the top 20 banks and 8 of the top 15 insurance companies in North America.  But we play on a level playing field. No matter the size of a business, all of our customers receive the same level of security.

Most recently eSignLive by VASCO underwent a Service Organization Controls (SOC) 2 attestation for its e-signature system, which was successfully completed in June.  What this means for our customers is that more controls are in place to ensure their data is properly protected.




Electronic Signature

The Beginner's Guide to Electronic Signatures

This comprehensive, 31-page beginner’s guide to electronic signatures introduces important legal concepts and key considerations when creating digital business processes with e-signatures.  

Download Now

eSignLive is hosted by Amazon Web Services, which is designed and managed according to the highest standards for security and data protection, we work each day to meet our commitment to securing customer data whether in financial services, government, health care or other regulated industries.  As part of our ongoing commitment to maintain our customers’ trust, we are regularly assessing certifications standards that demonstrate our security controls.

In order to provide our customers with the assurance that meets their security requirements, eSignLive by VASCO opted for a SOC 2 security attestation after much due diligence. There are a number of certifications offered and we found that the SOC 2 and the complementary report better assists prospects and customers evaluate security controls and compliance requirements are met by service providers.

While a SOC 1 audit (formerly SSAE 16) focuses on controls over financial reporting and ISO 27001 certifies that an Information Security Management System is in place at a given organization, only a SOC 2 attestation can be used to really attest to the security of a system. We’re extremely proud to be the first cloud-based e-signature provider to achieve the SOC 2 attestation. It’s a testament to our commitment to ensuring the highest level of security and legal protection as part of our goal to deliver the best e-signature solution in the market!

Businesses are increasingly moving customer transactions to a completely electronic environment where contracts and documents of all types are being delivered, reviewed and signed. Security is understandably a top concern with online transactions, so it is important that eSignLive by VASCO meets the highest security standards. Since e-signatures are only as good as the security that protects them, we designed our system around both stringent cloud and document security, including:

  • Choosing the appropriate level of authentication
  • Protecting e-signatures and documents from tampering
  • Making it easy to verify e-signed records
  • Ensuring the long term reliability of your e-records, independent of eSignLive by VASCO
  • A consistent track record for protecting customer data

This multi-pronged approach to e-signature security ensures that a business’ records can be reliably reproduced as evidence in the event of a dispute. It also fosters customer confidence, protects an organization’s reputation and reduces the risk of non-compliance fines.

To learn more about evaluating security requirements relating to e-signatures, download the e-SignLive whitepaper, Security for E-Signatures and E-Transactions: What to Look for in a Vendor. If you want to know more about SOC 2, give your sales representative a call.

As CISO for OneSpan, Mr. Vezina’s role is to lead the overall OneSpan corporate information security strategy. With 30 years of IT experience in varied environments, Mr. Vezina has dedicated the last 15 years to information security.