e-Signature FAQs

What’s an electronic signature?

An electronic signature – also known as an e-signature – is a simple, easy and legal way to get consent or approval on electronic documents or forms.

Electronic signatures are:

  1. Legal – E-signatures are recognized as legally binding in the United States and the majority of countries around the world. There are two Acts that establish the legality of e-signatures in the United States – the Electronic Signatures in Global and National Commerce Act (ESIGN, 2000) and the Uniform Electronic Transactions Act (UETA, 1999). Both ESIGN and UETA establish that electronic records and signatures carry the same weight and legal effect as traditional paper documents and handwritten signatures.
  2. Tested – Many industries and Fortune 500 companies, government agencies, and tens of thousands of small- to medium-sized businesses rely on and create millions of e-signatures a year.
  3. Secure – E-signatures are more secure than written and fax signatures. Our process ensures that documents are managed, signed and ultimately delivered to the contracting parties in a secure manner.
  4. Auditable – The process of gathering e-signatures from multiple parties can be tracked to ensure compliance. Our process establishes a detailed audit trail that logs all events and actions taken by the people who participated in the transaction.

Our e-signature service is provided by DocuSign, the global leader in electronic signature with hundreds of millions of users in more than 180 countries worldwide.

How are electronic signatures better than paper or fax signatures?

E-signatures are more secure…and get the job done faster and cheaper…than paper-based signatures. Here’s why, e-signatures:

  1. Apply to the entire document – If a paper contract has two or more pages, and the signature is only applied to a single page, unsigned pages could be changed without anyone’s knowledge. With our process, a cryptographic binding (basically, a security code) is applied to the entire document when a signature is applied, creating a certified document. If any information changes on any page, participants are notified that the document was modified after it was signed.
  2. Can’t be duplicated with a copier or scanner – It’s too easy to forge a paper signature by copying it, scanning it, or tracing it with a pen. An electronic signature is bound to a specific instance of the document and tracked as part of a multi-step signature process. A signature that’s been applied to one document can’t be applied to another.
  3. Can’t be backdated – With paper signatures, signers are free to enter any date or time they choose, making it possible for one of the parties to change the “active” date of the signing without notifying other parties. With the e-signature process, the time is centrally managed by the hosted service and backdating isn’t allowed.
  4. Are much easier to authenticate – Authenticating a paper signature requires another handwritten signature from the same signer for comparison. If additional signature samples aren’t available, authenticity can’t be proven. With e-signature, basic authentication of the signer is accomplished via their email address. In addition, a unique signing URL is sent to the signer who clicks on it to activate the signing process. All of the events are tracked by our process, and IP address records are included in a detailed audit log.

How compliant and secure is electronic signature?

DocuSign is ISO 27001:2013 certified. This is the highest level of global information security assurance available today, and provides assurance that DocuSign meets stringent international standards on security. Here’s what it means for financial service providers like Vantage Credit Union:

SOC 1 Type 2, SOC 2 Type 2
As a SOC 1 and SOC 2-certified organization, DocuSign complies with the reporting requirements stipulated by the American Institute of Certified Public Accountants (AICPA). DocuSign undergoes yearly audits across all aspects of their production operations, including their datacenters, and have sustained and surpassed all requirements.

DocuSign maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), DocuSign places stringent controls around cardholder data as both a service provider and merchant. DocuSign is listed as a PCI Service Provider on the Visa Global Registry of Service Providers.

CSA STAR Program
DocuSign adheres to the requirements of the Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) program. The CSA STAR comprises key principles of transparency, rigorous auditing, and harmonization of standards. DocuSign’s Consensus Assessments Initiative Questionnaire (CAIQ) documents the rigor and strength of DocuSign’s security posture and best practices and is publicly accessible for viewing and download from the CSA STAR registry.

DocuSign has achieved the Asia-Pacific Economic Cooperation (APEC) Privacy Recognition for Processor (PRP) System certification. APEC has established Cross-Border Privacy Rules (CBPR) and Framework to protect the privacy and security of personal information at-rest and in-transit. An independent auditor, Schellman Group, has assessed DocuSign’s capabilities and granted them this certification to demonstrate compliance with CBPR and Framework.

Are electronic signatures auditable?

Yes, e-signatures are actually more auditable than ink signatures, because they provide additional levels of security, tracking, and control. All e-signatures and audit trails are encrypted, digitally sealed, tamper evident, and securely maintained.