{"id":9984,"date":"2025-05-14T11:53:57","date_gmt":"2025-05-14T03:53:57","guid":{"rendered":"https:\/\/www.dkmeco.com\/en\/?p=9984"},"modified":"2025-05-14T12:04:27","modified_gmt":"2025-05-14T04:04:27","slug":"genuine-customer-inquiry-what-international-certifications-and-standards-has-docusign-obtained","status":"publish","type":"post","link":"https:\/\/www.dkmeco.com\/en\/genuine-customer-inquiry-what-international-certifications-and-standards-has-docusign-obtained\/","title":{"rendered":"Genuine Customer Inquiry | What International Certifications and Standards Has DocuSign Obtained?"},"content":{"rendered":"<p class=\"ds-markdown-paragraph\"><strong>A Comprehensive Guide to DocuSign&#8217;s Global Certification System!<\/strong><\/p>\n<p class=\"ds-markdown-paragraph\">Many customers evaluating e-signature solutions often ask:\u00a0<em>&#8220;Is DocuSign compliant with major global certifications and standards? Is it legally valid in regions like Europe, the U.S., Canada, and Asia? Does its information security meet compliance requirements?&#8221;<\/em>\u00a0These questions are critical, especially for cross-border operations or sensitive data (e.g., personal privacy, financial contracts, medical records).<\/p>\n<p class=\"ds-markdown-paragraph\">As a global leader in e-signatures, DocuSign holds multiple international certifications and regional compliance frameworks (e.g.,\u00a0<strong>ISO 27018<\/strong>,\u00a0<strong>SOC 2 Type II<\/strong>), ensuring legal validity and data security across North America, Europe, Asia, and other key markets.<\/p>\n<p class=\"ds-markdown-paragraph\">This article details DocuSign\u2019s\u00a0<strong>certification system<\/strong>, covering\u00a0<strong>international standards<\/strong>,\u00a0<strong>industry-specific accreditations<\/strong>, and\u00a0<strong>regional compliance requirements<\/strong>. By analyzing the practical implications of these certifications, we\u2019ll demonstrate how DocuSign safeguards data and meets legal\/regulatory demands worldwide.<\/p>\n<h3><strong>01. ISO 27001, ISO 27017 &amp; ISO 27018<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">ISO certifications validate compliance with international standards set by the\u00a0<strong>International Organization for Standardization (ISO)<\/strong>.<\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign is certified for:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>ISO 27001:2022<\/strong>\u00a0(Information Security Management)<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>ISO 27017:2015<\/strong>\u00a0(Cloud Service Security Controls)<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>ISO 27018:2019<\/strong>\u00a0(Public Cloud Personal Data Protection)<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\">These certifications confirm DocuSign\u2019s commitment to securing sensitive data in cloud environments.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/1.png\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.iso.org\/obp\/ui\/#iso:std:iso-iec:27001:ed-3:v1:en\" target=\"_blank\" rel=\"noopener noreferrer\">Explore ISO Standards<\/a><\/p>\n<h3><strong>02. Payment Card Industry Data Security Standard (PCI DSS)<\/strong><\/h3>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/2.png\" width=\"583\" height=\"181\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign is a\u00a0<strong>PCI DSS v4.0-compliant<\/strong>\u00a0service provider, certified by Visa\u2019s Global Registry. It adheres to strict controls for securing payment card data, as mandated by the\u00a0<strong>PCI Security Standards Council (PCI SSC)<\/strong>.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.pcisecuritystandards.org\/about_us\/\" target=\"_blank\" rel=\"noopener noreferrer\">Learn About PCI DSS<\/a><\/p>\n<h3><strong>03. SOC 1 Type II &amp; SOC 2 Type II<\/strong><\/h3>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/3.png\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign follows the\u00a0<strong>AICPA Trust Services Criteria<\/strong>, undergoing annual audits to verify compliance across data centers and operational processes.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.aicpa-cima.com\/topic\/accounting-financial-reporting\" target=\"_blank\" rel=\"noopener noreferrer\">AICPA Trust Services Details<\/a><\/p>\n<h3><strong>04. Cloud Computing Compliance Controls Catalog (C5)<\/strong><\/h3>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/4.png\" width=\"314\" height=\"312\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign holds\u00a0<strong>C5 Type II<\/strong>\u00a0certification from Germany\u2019s\u00a0<strong>Federal Office for Information Security (BSI)<\/strong>, confirming compliance with stringent cloud security requirements for the DACH region (Germany, Austria, Switzerland).<\/p>\n<h3><strong>05. Australian IRAP<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">The\u00a0<strong>Information Security Registered Assessors Program (IRAP)<\/strong>, managed by the\u00a0<strong>Australian Signals Directorate (ASD)<\/strong>, assesses cybersecurity frameworks. DocuSign meets the\u00a0<strong>Australian Government ISM<\/strong>\u00a0and\u00a0<strong>Protective Security Policy Framework (PSPF)<\/strong>\u00a0standards.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/5.jpg\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.cyber.gov.au\/irap\" target=\"_blank\" rel=\"noopener noreferrer\">Explore IRAP<\/a><\/p>\n<h3><strong>06. FedRAMP<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign is\u00a0<strong>FedRAMP-authorized<\/strong>, offering\u00a0<strong>DocuSign Federal (eSignature)<\/strong>\u00a0and\u00a0<strong>CLM solutions<\/strong>\u00a0for U.S. federal agencies via the\u00a0<strong>FedRAMP Marketplace<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/6.png\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.docusign.com\/blog\/are-docusign-products-authorized-by-fedramp\" target=\"_blank\" rel=\"noopener noreferrer\">FedRAMP Authorization Details<\/a><\/p>\n<h3><strong>07. StateRAMP<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign\u2019s\u00a0<strong>Federal eSignature<\/strong>\u00a0and\u00a0<strong>CLM<\/strong>\u00a0are\u00a0<strong>StateRAMP-authorized<\/strong>, ensuring compliance with U.S. state\/local government cloud security standards for handling\u00a0<strong>PII, PHI, and PCI data<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/7.png\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/stateramp.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">StateRAMP Overview<\/a><\/p>\n<h3><strong>08. DoD IL4 (Impact Level 4)<\/strong><\/h3>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/8.png\" width=\"273\" height=\"187\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign holds\u00a0<strong>DoD IL4 Provisional Authorization<\/strong>\u00a0from the\u00a0<strong>Defense Information Systems Agency (DISA)<\/strong>, permitting use for\u00a0<strong>sensitive unclassified data<\/strong>\u00a0under the\u00a0<strong>DoD Cloud Computing SRG<\/strong>.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.docusign.com\/blog\/docusign-achieves-dod-impact-level-4-provisional-authorization\" target=\"_blank\" rel=\"noopener noreferrer\">DoD IL4 Details<\/a><\/p>\n<h3><strong>09. EU QSCD\/SSCD Notifications<\/strong><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/9.jpeg\" width=\"318\" height=\"212\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">Under\u00a0<strong>eIDAS Article 39<\/strong>, DocuSign\u2019s\u00a0<strong>remote signing devices<\/strong>\u00a0are listed as\u00a0<strong>Qualified Signature Creation Devices (QSCD)<\/strong>, enabling\u00a0<strong>eIDAS-compliant Qualified Electronic Signatures (QES)<\/strong>.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/eidas.ec.europa.eu\/efda\/browse\/notification\/qscd-sscd\" target=\"_blank\" rel=\"noopener noreferrer\">QSCD\/SSCD Requirements<\/a><\/p>\n<h3><strong>10. EU Trust List<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\"><strong>DocuSign France SAS<\/strong>\u00a0is an\u00a0<strong>eIDAS-certified Trust Service Provider (TSP)<\/strong>, listed on the\u00a0<strong>EU Trust List<\/strong>\u00a0by\u00a0<strong>ANSSI (France)<\/strong>. It offers\u00a0<strong>QES, AES, timestamps, and e-seals<\/strong>\u00a0across the EU.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/eidas.ec.europa.eu\/efda\/trust-services\/browse\/eidas\/tls\/tl\/AT\" target=\"_blank\" rel=\"noopener noreferrer\">EU Trust List<\/a><\/p>\n<h3><strong>11. APEC Cross-Border Privacy Certification<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign is\u00a0<strong>APEC Cross-Border Privacy Rules (CBPR)<\/strong>\u00a0and\u00a0<strong>Processor Privacy Recognition (PRP)<\/strong>\u00a0certified, aligning with\u00a0<strong>APEC\u2019s data protection framework<\/strong>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/11.png\" width=\"371\" height=\"249\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.schellman.com\/services\/privacy-assessments\/apec-certification\/prp-process\" target=\"_blank\" rel=\"noopener noreferrer\">APEC Certification<\/a><\/p>\n<h3><strong>12. EU Data Transfer Compliance (BCR)<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign\u2019s\u00a0<strong>Binding Corporate Rules (BCR)<\/strong>\u00a0are approved by\u00a0<strong>EU data protection authorities<\/strong>, enabling lawful cross-border data transfers.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/12.png\" width=\"290\" height=\"198\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.docusign.com\/trust\/privacy\/binding-corporate-rules\" target=\"_blank\" rel=\"noopener noreferrer\">BCR Details<\/a><\/p>\n<h3><strong>13. Standardized Information Gathering (SIG)<\/strong><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/13.png\" width=\"285\" height=\"296\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">DocuSign uses the\u00a0<strong>SIG questionnaire<\/strong>\u00a0(by\u00a0<strong>Shared Assessments<\/strong>) for third-party risk evaluations, covering\u00a0<strong>21 risk domains<\/strong>\u00a0annually.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/sharedassessments.org\/sig\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIG Framework<\/a><\/p>\n<h3><strong>14. CSA STAR (Canada)<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign completes the\u00a0<strong>Consensus Assessments Initiative Questionnaire (CAIQ)<\/strong>\u00a0annually, published in the\u00a0<strong>CSA STAR Registry<\/strong>\u00a0for transparency.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/14.png\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/cloudsecurityalliance.org\/star\/#_overview\" target=\"_blank\" rel=\"noopener noreferrer\">CSA STAR<\/a><\/p>\n<h3><strong>15. Canada Protected-B<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign meets\u00a0<strong>Protected-B<\/strong>\u00a0requirements for handling\u00a0<strong>sensitive Canadian government data<\/strong>, including security assessments and personnel clearances.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/16.png\" width=\"269\" height=\"184\" \/><\/p>\n<h3><strong>16. FISC (Japan)<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">As a member of the\u00a0<strong>Center for Financial Industry Information Systems (FISC)<\/strong>, DocuSign adheres to\u00a0<strong>Japanese financial sector security guidelines<\/strong>\u00a0(non-mandatory but industry-respected).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/dkm-website.oss-cn-shenzhen.aliyuncs.com\/upload\/0\/dataBlog\/blog\/docusign\/20250331\/15.png\" width=\"353\" height=\"144\" \/><\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.fisc.or.jp\/english\/\" target=\"_blank\" rel=\"noopener noreferrer\">FISC Guidelines<\/a><\/p>\n<h3><strong>DocuSign\u2019s Global Certification Summary<\/strong><\/h3>\n<p class=\"ds-markdown-paragraph\">DocuSign\u2019s certifications validate its\u00a0<strong>global compliance leadership<\/strong>:<\/p>\n<ul>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>U.S.<\/strong>: FedRAMP, DoD IL4<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>EU<\/strong>: eIDAS QES, ANSSI Trust List<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>APAC<\/strong>: APEC CBPR<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Canada<\/strong>: Protected-B<\/p>\n<\/li>\n<li>\n<p class=\"ds-markdown-paragraph\"><strong>Japan<\/strong>: FISC<\/p>\n<\/li>\n<\/ul>\n<p class=\"ds-markdown-paragraph\">These ensure\u00a0<strong>secure, compliant data handling<\/strong>\u00a0for customers worldwide.<\/p>\n<p class=\"ds-markdown-paragraph\">\ud83d\udd17\u00a0<a href=\"https:\/\/www.docusign.com\/trust\/compliance\/certifications\" target=\"_blank\" rel=\"noopener noreferrer\">Explore All Certifications<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Comprehensive Guide to DocuSign&#8217;s Global Certification System! Many customers evaluating e-signature solutions often ask:\u00a0&#8220;Is DocuSign compliant with major global<\/p>\n","protected":false},"author":92,"featured_media":9990,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_wp_rev_ctl_limit":""},"categories":[145],"tags":[],"class_list":["post-9984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docusign"],"acf":[],"aioseo_notices":[],"rttpg_featured_image_url":{"full":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"landscape":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"portraits":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"thumbnail":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-150x150.png",150,150,true],"medium":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-300x174.png",300,174,true],"large":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"1536x1536":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"2048x2048":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false],"woodmart_shop_catalog_x2":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-600x515.png",600,515,true],"woocommerce_thumbnail":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-300x300.png",300,300,true],"woocommerce_single":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-600x348.png",600,348,true],"woocommerce_gallery_thumbnail":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11-150x87.png",150,87,true],"rt_custom":["https:\/\/www.dkmeco.com\/en\/wp-content\/uploads\/2025\/05\/docusign11.png",888,515,false]},"rttpg_author":{"display_name":"dkm-admin","author_link":"https:\/\/www.dkmeco.com\/en\/author\/dkm-admin\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/www.dkmeco.com\/en\/category\/docusign\/\" rel=\"category tag\">DocuSign<\/a>","rttpg_excerpt":"A Comprehensive Guide to DocuSign&#8217;s Global Certification System! Many customers evaluating e-signature solutions often ask:\u00a0&#8220;Is DocuSign compliant with major global","_links":{"self":[{"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/posts\/9984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/users\/92"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/comments?post=9984"}],"version-history":[{"count":1,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/posts\/9984\/revisions"}],"predecessor-version":[{"id":9985,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/posts\/9984\/revisions\/9985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/media\/9990"}],"wp:attachment":[{"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/media?parent=9984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/categories?post=9984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dkmeco.com\/en\/wp-json\/wp\/v2\/tags?post=9984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}