A knowledge base article about DocuSign: Security Recommendations provided by the UC Berkeley IT Service Hub - Knowledge Portal
The Opportunity
DocuSign’s business relies on stringent security controls. ISO has reviewed DocuSign’s controls and is comfortable with its security, including for P4 data when required for your business process.
Nevertheless, every DocuSign user must be vigilant about security; we are mutually responsible.
This article provides recommendations and information about several security features.
Default Envelope Email Message
Set by UC DocuSign Team; Department Account Administrators can change
- Our default email message instructs recipients not to share or forward their envelopes. It states:
  - Do Not Share This Email
  - This email contains a secure link to DocuSign. For security reasons, please DO NOT SHARE this email, link, or access code with others.
- Department Account Administrators can change this message for their account, but we recommend that the central idea, do not forward, is retained.
- Department Account Administrators can also prevent users from forwarding envelopes. If you do this, users will be able to access their envelopes directly from DocuSign.

Note: Screengrabs are taken when the browser window is full-size.
Narrowing the browser window might change what you see.
Log-in Required If User Has an Account
Set by UC DocuSign Team
- This is turned on for UCB accounts.
- There are many use cases for which signers do not have an account; therefore, we have not required signers to create an account if they do not have one.
Completed Envelope Delivery
Set by Department Account Administrators
- We recommend that Department Account Administrators do not select “Attach documents to completion email” in case sensitive data is collected. Signers will still be able to access their completed documents through DocuSign.
- However, they will have to create an account to do so if they do not already have one. DocuSign offers free accounts. If the signer is a UCB employee and creates the account with their @UCB email address, they will automatically be given a UCB account as a Viewer. Otherwise they will have an independent account.
- In Signing Settings:

Envelope Recipient Access Expiration and Recipient Authentication via Access Code
Set by Department Account Administrators and Senders
- DocuSign sets envelope Recipient Access to expire after 48 hours or 5 clicks on the envelope email notification link, whichever comes first.
- After that, if someone tries to access the envelope, DocuSign sends a new link to the original recipient. All future clicks on the expired email link will offer to send a new email notification with a fresh link.
- If a recipient is required to authenticate every time they access an envelope, then the link expiration does not apply and the envelope link remains valid.
- If a recipient is required to authenticate only the first time they access an envelope, the link expiration will apply after that first, authenticated access.
- The first time a Signer attempts to use an expired link, they automatically receive a new link. Subsequent attempts to use an expired link lead to a page where they can easily request a new link. Or, if they have a DocuSign account, they can access the document by logging into their account, even if the email link has expired.
- As a best practice, Department Account Administrators and Senders should ensure all envelopes are assigned an access code. This both increases the security of your envelopes and (in most cases) avoids the notification expiration behavior. See Envelope Access Code section below.
- See Recipient Authentication for more information.
Envelope Access Code
Set by Senders
- When Senders are preparing their envelopes, they can create an access code, including a robust auto-generated code, to give the signer (e.g. via text, email, etc.).
- Signers will need both the envelope link and the access code.


Session Timeout
Set by Department Account Administrators
- Department Account Administrators can set how long a user's web session lasts before timing out.
- We recommend the session is no longer than 30 minutes in Demo and shorter in Production.

Require New Signature
Set by Senders
- On a per envelope or template basis, Senders can require a new signature for each signing (a la a "handwritten signature").
- The Department Account Administrator sets this ability at the account level under Sending Settings.


Restrict Field Content Visibility
Set by Template Preparer
- Any text field can be set to hide the information a recipient provides, including text fields with SSN validation. This is recommended for fields collecting sensitive data. The actual data can be seen only by someone logged into DocuSign who has access to the envelope.
- Field content visibility restriction is set at the template level.

Integrations, Downloading Completed Envelopes and Retention Management
Set by Department Account Administrators
- Follow security and data protection requirements with any connection between DocuSign content and another system, whether a built-in technical integration (e.g. with Box, Smartsheet, Google Drive), a custom integration (e.g. with Perceptive Content) or simply a user downloading a completed envelope (e.g. to your hard drive, a shared folder, etc.).
- Check with ISO before implementing integrations to ensure the integration conforms to secure practices.
- See Data Classification Guidelines for specifics.
- Follow your business process requirements regarding retention for completed envelopes. At this time DocuSign doesn’t limit the amount of time you can store completed envelopes, but ideally they should be stored in the appropriate system of record for your business process.
- Please see the following information for more guidance.