Because CloudSign is a service that protects everyone’s valuable contract data, security is our top priority.
■ Prevent Unauthorized Access to Sent Contracts
When a contract is sent from the sender to the recipient, CloudSign issues a unique access URL to view the file each time and then notifies the recipient via email.
For ill-intentioned and unauthorized third parties to access the URL, they would need to come up with 100 million randomized URLs every second, and even then it would take them more time than it took the universe to form. This system allows for even recipients who don’t yet have CloudSign accounts to receive contract files securely.
■ Using Electronic Signatures and Certified Timestamps for Complete and Authentic Protection
Adding an electronic signature and timestamp to electronic data clarifies the “who” “what” and “when” of the agreement, solidifying the integrity and authenticity of the digital contract.
To guarantee the validity of the agreement PDF file and to securely store the file long term, CloudSign uses a combination of Bengo4.com, Inc.’s electronic signature and certified timestamp services.
Standard Plans and above include timestamps verified by a Time Stamping Authority (AMANO Corporation). This allows one to verify the existence of digital data at a determined point in time and that the said data has not been tampered with since that time.
By adding a timestamp, the validity of electronic signatures increases to 10 years. (long-term signature)
This addition allows one to detect any tampering over the course of 10 years.
* For more information on registered TSA companies, please see the Japan Data Communications Association’s official website.
■ Encrypted Transmissions
All transmissions between our customers and CloudSign are SSL/TLS encrypted. (256-bit encryption)
We cover the risks of wiretapping, interception, tampering, and identity theft during a transmission.
■ Encryption of Stored Files
Files are encrypted (using AES-GCM encryption) upon being uploaded, preventing them from being read by third parties.
To protect the confidentiality of data from attacks and unauthorized access by external networks, we use a firewall to store confidential information in isolation from the rest of the internet.
Contract data is backed up regularly and automatically. We store multiple backups on various devices across a number of locations, so your data will be safe even in the case of a natural disaster.
■ Confidentiality Policy
Excluding limited and separately defined circumstances, for example, we first receive permission from the customer or are required to by law, CloudSign staff cannot see the contents or titles of customers’ documents nor their business transaction information.
■ Account Protection
When setting a password, the strength of the password is checked and gets rejected if it is too short or easy to guess. In addition to password authentication, onetime passwords can be issued from the smartphone app for two-factor authentication.
■ IP Address Limitations
With the Business Plan and Enterprise Plan, customers have the option of allowing only designated IP addresses to access to CloudSign (multiple IP addresses can be designated). This setting helps prevent against unauthorized access by third parties.
■ ISO 27001 Certified
In regards to our information security management system (ISMS), we became ISO 27001 certified in October 2016, as we strive to uphold the confidentiality, integrity, and availability of information.
*Please select your preferred language from the options at the bottom of the page