Whitepaper: Best Practices for Electronic Document Management and Security
Upcoming SlideShare
Loading in...5
×
 

Whitepaper: Best Practices for Electronic Document Management and Security

on

  • 439 views

Security is always top of mind at DocuSign, just as it is for many of our customers. DocuSign is committed to the secure signing and retention of electronic documents. The following white paper shares ...

Security is always top of mind at DocuSign, just as it is for many of our customers. DocuSign is committed to the secure signing and retention of electronic documents. The following white paper shares industry best practices to protect your documents and the information you exchange with others.

Statistics

Views

Total Views
439
Views on SlideShare
439
Embed Views
0

Actions

Likes
0
Downloads
7
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs LicenseCC Attribution-NonCommercial-NoDerivs License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Whitepaper: Best Practices for Electronic Document Management and Security Whitepaper: Best Practices for Electronic Document Management and Security Document Transcript

  • Continued Share: Security is always top of mind at DocuSign, just as it is for many of our customers. DocuSign is committed to the secure signing and retention of electronic documents. Here are industry best practices to protect your documents and the information you exchange with others: Share data wisely The information you share via a smart phone, tablet, laptop, or desktop has tremendous value—and that makes it an attractive target for many people, including businesses, competitors, criminals and even countries conducting industrial espionage. Information posted out to the public internet is catalogued and referenced by search engines, making them easy to find by everyone and anyone. Documents can be copied, posted elsewhere, linked and even altered by others. What to do: degree that you want your own information protected. you do not want exposed or exploited. valuable when aggregated with other data, causing exposure about you, your organization, or a third party. Manage documents with care Only make documents public if that is your intent. Once publicly posted, your information is visible to viewers, collectable by digital tools and search engines, and may be sold or traded by hackers, countries and organized crime. What to do: extractable, and the information available to be repurposed. While this does not in and of itself protect the data, it conveys that the information is intended to be consumed by a wide audience. exchanging and encourage them to label and safeguard data as a manner of habit. consumption. Require authentication If you want to restrict the information to only those authorized to access it over the Internet, make it difficult for people to readily access industry-standard practice, as is tracking who has accessed information and documents via authentication. What to do: measures to ensure that the people accessing your data are authorized to do so. The stronger and more complex the authentication, the greater the protection provided. and should be a hash or encrypted value that is not stored as a clear- text password that can be stolen and re-used to impersonate you. data and monitor those audit trails to ensure only proper access is being granted. verify that only authorized people are accessing the documents. Layer security controls layers of security, which increases the difficulty for non-authorized ways to stop “the bad guys.” What to do: encrypted. for sensitive information such as a digital access code that can be sent to the person directly over other forms of communication, such as phone or text. to maintain control over the transaction. certificates. Be aware of rogue sites that attempt to impersonate having you enter your authentication data or obtain other private information.
  • WHITE PAPER docusign.com About DocuSign DocuSign® is the global standard for electronic signature® . DocuSign accelerates transactions to increase speed to results, reduce costs, and delight customers with the easiest, fastest, most secure global network for sending, signing, tracking, and storing documents in the cloud. 866.219.4318 | docusign.com +44 (0) 800 098 8113 | can perform actions on computers by capturing and sending out information and negatively impacting the integrity of your data without your ready knowledge. available systems holding data without industry-standard controls, such as two-factor encrypted authentication to validate the remote access. monitor a network and alert personnel about potential unauthorized access attempts. research and development, financial data, and personally identifiable need to be protected with specific security controls and behind firewalls configured to further restrict access. Beware of live document links Internet technology makes it possible to access documents over the public documents, these links can also lend themselves towards unintended data exposure if they are used for documents that are private or confidential. What to do: documents are private or confidential. or further validate the link as legitimate. confidential information by merely selecting the link, inform the secure authentication. Protect the copy of record If you rely on the integrity of a singular copy of record, ensure that you have confidence in a reliable version that can be validated so you can answer any challenge to the copy of record. What to do: validates the integrity of the document after each interaction. for data entry and signature in an order that provides visibility conduct business faster and with greater satisfaction from all involved parties. and transacted with the document. Digital audit trails denote accountable actions with the data. provides anti-tampering controls so that only where specified, data can be entered and validated by the signing parties. and anti-tampering mechanisms designed into the service. DocuSign is designed with these controls essential to our eSignature service. Secure archival storage their lifecycle while still allowing them to be viewed and transacted by authorized parties is essential to providing trust, reliability and business efficiency. What to do: insecure protocol where control over the document is unmanaged. process within their secure repository to validate the integrity of the document, manage version control of the document, and ensure oversight of the process by the document sender. that exposes the data to various personnel. Documents stored with application level of encryption provide confidentiality and assurance. While this is a significant engineering effort and is rarely provided, DocuSign designed and provides this essential layer of protection for our customers. This ensures that no unauthorized parties, including system administrators, can view documents. should also provide tools for you to manage the documents you create and name to manage and store documents over time. Computing device security access your data becomes more available and transportable. It is not uncommon for people to access documents from a variety of places. This enables us to conduct our lives and business more efficiently
  • WHITE PAPER docusign.com About DocuSign DocuSign® is the global standard for electronic signature® . DocuSign accelerates transactions to increase speed to results, reduce costs, and delight customers with the easiest, fastest, most secure global network for sending, signing, tracking, and storing documents in the cloud. 866.219.4318 | docusign.com +44 (0) 800 098 8113 | by design, but it also introduces exposures and recommendations to apply awareness and diligence around your mobile computing activities: What to do: are left behind in restaurants, taxis, and even airports and they protect smart phone devices with the default setting at one minute or less. secure authentication to online sites where private or confidential to prevent impersonation, fraud, and identity theft. and hard to deduce, and never share your credentials with others. your digital data resides and how it is protected. Choose business partners with security certifications global standards. DocuSign is the only eSignature provider that datacenters. noted exceptions across all aspects of our enterprise business and environmental, and security access controls. What to do: related certifications they have received, and ask to see the reports. consistency of the business partner in protecting your information to ensure they align with industry standards. variety of auditors helps to ensure that a wide range of testing and Store your signed documents in DocuSign The cost of implementing industry standard security controls can be people transact personal and professional business electronically, the more economical a certified third party service becomes to ensure the highest levels of protection for your data. access by all signing parties. have a guaranteed copy of record and an ongoing digital audit trail to validate who has viewed and signed your documents up to and including the most recent activity on those documents. the latest best practices can reduce risk and give you peace of mind that your data and documents are protected to the highest means possible.