ISO27001 Case Study


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

ISO27001 Case Study

  1. 1. ISO/IEC 27001 Certification Enables DocuSign To Provide Customers With Enhanced Protection. BSI Case Study DocuSign “Our culture at DocuSign puts our customers – and the security of their documents, data and information – at the top of our priority list. We’re proud to be among a very elite group of global companies whose security practices and standards meet the rigorous requirements of ISO/IEC 27001.” Ken Moyle Chief Legal Counsel, DocuSign Customer Needs • Protect confidential data • Manage high volumes of data • Manage security requirements • Increase efficiency and reliability of processes • Maintain consistent practices worldwide Customer Benefits • Embedded culture of continuous improvement • Operate resilient infrastructure and service • Improved risk management ISO/IEC 27001
  2. 2. Customer Background Founded in 2003, DocuSign, Inc. is the leader in eSignature transaction management and is designated as the global standard for eSignature®. DocuSign empowers anyone with the capability to sign anything, anywhere on any Internet-connected device. More than 37 million users trust their signatures – and documents, data, and information – on the DocuSign Global Network. In fact, more than 310 million documents have been DocuSigned in 188 countries helping individuals, small businesses, and global enterprises to finish business faster. DocuSign is a private company with multiple U.S.-based data centers and business offices in San Francisco, Chicago, Seattle, and London. DocuSign provides consumers and businesses across all industries with the easiest and fastest, yet most secure, way to send, sign, track, and store documents in the cloud. More than 60,000 new unique users join the DocuSign Global Network every day. DocuSign’s eSignature transaction management platform connects companies to their customers, partners, suppliers, and employees in a manner that lets them transact business with complete confidence. More than one million documents are DocuSigned each day – many of them being signed and returned within minutes. DocuSign helps companies easily and affordably replace existing manual, paper-based data, payment, and signature collection methods to accelerate speed to results, reduce costs, and satisfy customers. Customer needs The essence of DocuSign’s business is earning the trust of its customers. To gain that trust, DocuSign must assure its customers’ confidential data is secured and protected from the moment it is collected, on its journey through the cloud, as it is delivered to its destination, and while stored with DocuSign. “Customers trust us with their most sensitive data and they conduct business with DocuSign based on our due diligence audits and assurance that we are actually doing business as we say,” said Ken Moyle, Chief Legal Counsel for DocuSign. “That is what we contract to, and that is what we provide our customers as The Global Standard for eSignature®.” To provide that confidence DocuSign must demonstrate that it maintains a well-managed, cloud-based service. The company also must show that it is able to manage the extremely high volume of data that traverses throughout its global network on a daily basis, more than one million documents a day, while maintaining strict security requirements. None of these tasks can be accomplished by sacrificing the efficiency or reliability of DocuSign’s processes and systems. Both DocuSign and its customers expect the company to maintain consistent and extremely high-quality practices worldwide. “It’s not just about industry standard controls, it’s about best practice controls and how we isolate and encrypt data and provide strong authentication options for our customers,” said Moyle. “It’s also about additional integrity and availability capabilities that help us protect their most sensitive data each and every time a document is sent, signed, and stored in the DocuSign cloud.” BSI Case Study DocuSign ISO/IEC 27001
  3. 3. DocuSign pursued and attained its ISO/IEC 27001 certification through BSI to powerfully demonstrate the company’s dedication to security management, that it goes above and beyond what is expected. ISO/IEC 27001 certification provides ongoing confirmation that DocuSign is using consistent and reliable security practices to best protect people, processes, and sensitive document transactions every day and at every point on its global network. It also helps to make the company’s vendors, business partners, and customers become more aware of the importance that DocuSign places on securing data and managing it properly. “Internal and external validation ensures that continuous improvements are always being enacted and refined,” said Moyle. “This continuous improvement enables DocuSign to maintain a resilient infrastructure and service.” Certification shows that the company is audited to a higher standard than just general controls. DocuSign’s implementation of a “Plan Do Check Act” (PDCA) cycle and its use of risk analysis lead to new realizations about how and when to make improvements and help to spot important trends. This enables DocuSign to focus its budget, resources, and personnel in the proper places. Return On Investment DocuSign measures the return on its investment in ISO/IEC 27001 certification in two ways. First, the company has seen a spike in corporate pride since achieving certification. The company and its employees have met, and continue to maintain, a comprehensive and high degree of security. DocuSign proudly and prominently promotes its ISO/IEC 27001 certification in its marketing materials, during customer presentations, and speaking engagements. Everyone in the company shares it with customers, prospects, and partners as part of the company’s culture and practices, said Moyle. “Our culture at DocuSign puts our customers – and the security of their documents, data, and information – at the top of our priority list,” said Moyle. “We’re proud to be among a very elite group of global companies whose security practices and standards meet the rigorous requirements of ISO/IEC 27001.” Secondly, certification has provided DocuSign with a competitive advantage when closing deals with large national and international firms. “Without a doubt, we consider it as a core competitive advantage. Customers have a lot more confidence in an organization that has been certified to the highest levels by an independent third party,” said Moyle. “It definitely has a positive impact on our bottom line.” “It is the gold standard and we are very proud of it,” he added. Customer Benefits of Certification BSI Case Study DocuSign ISO/IEC 27001
  4. 4. Why BSI? BSI is considered the best in class of auditing excellence and certification training to international standards. BSI’s trainers have a thorough knowledge of the standard combined with substantial insight into how businesses can best improve themselves and their operations. BSI has a long history in the certification business and is comprised of auditors and trainers who have many years, even decades, of experience with the company. Their keen insight and dedication are what make BSI such a significant help to companies like DocuSign. “You can tell that level of excellence is reinforced at the organizational level by BSI because it permeates through everyone in the company and transfers across to people and companies that BSI certifies,” he added. BSI/USA/344/MS/0513/E BSI Case Study DocuSign ISO/IEC 27001 BSI Group America Inc. 12110 Sunset Hills Road, Suite 200 Reston, VA 20190-5902 USA Tel: +1 888 429 6178 Fax: 1 703 437 9001 Email: Web: BSI Group Canada Inc. 6205B Airport Road, Suite 414 Mississauga, Ontario L4V 1E3 Canada Tel: 1 800 862 6752 Fax: 1 416 620 9911 Email: Web: The BSI certification mark may be used on your stationery, literature and vehicles when you have successfully achieved certification and conform with applicable guidelines. The mark shall never be applied directly on the product or service. Copyright © 2013 The British Standards Institution. All Rights Reserved. Your business could benefit from ISO/IEC 27001 just like DocuSign. To find out more, visit