AssureSign LLC, a leader in electronic signature technology, officially unveiled the latest release of its AssureSign product, AssureSign v2.0.3. With this new release, AssureSign delivers a higher degree of security and compliance.

AssureSign is a web-hosted service that facilitates the managed processing of documents in an all-digital, highly secure, mission critical, environment. The primary focus of the latest release is the addition of security features to enhance AssureSign’s ability to match the enterprise-level security requirements mandatory for compliance by companies in financial services, healthcare, and numerous other industries.  New features include account security settings regarding password strength, re-use, expiration and lockout, as well as the ability to require personal X.509 certificates for document signers.

To further the goal of meeting clients’ regulatory requirements, AssureSign formalized a HIPAA Compliance Plan in January 2009. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, and patient confidentiality. All customer care staff, software engineers and information technology department staff have completed HIPAA privacy and security training. This move to address Electronic Protected Health Information illustrates AssureSign’s commitment to addressing the needs of specific industries with regard to security.

AssureSign is also in the process of earning an enterprise-wide SAS 70 certification. A SAS 70 certification represents that a service organization has been through an in-depth audit of their control objectives and control activities, including controls over information technology and related processes. SAS 70 certification demonstrates that a service organization has adequate controls and safeguards when hosting or processing data belonging to customers.  Type 1 certification will be completed in the second quarter of 2009, and Type  2 certification is expected near the end of the year.

“Our SAS 70 initiative is focused on the entire range of services, infrastructure, processes and back office systems used to deliver the AssureSign solution to our customers.  This differentiates us from those who simply state that their servers are located elsewhere in a SAS 70 data center.   If you understand what SAS 70 means, you understand the difference, “ said David W. Brinkman, AssureSign’s Chief Executive Officer. “With the release of our enhanced security version and the various measures we’ve taken to ensure we remain compliant, AssureSign now offers unparalleled security, further enhancing our electronic signature technology. And since AssureSign is a Software-as-a-Service (SaaS) application, existing customers can immediately have this new functionality without having to upgrade any software on their system.”

We will be releasing AssureSign version 2.0.3 to our production environment this week, and I would like to explain some of the more compelling features that will become available to our clients. The primary focus of this release was the addition of security features to enhance our ability to match enterprise-level security needs for some of our clients; we recognize that financial services, healthcare and other industries require a certain level of compliance in regards to security, and we are adding features to meet these needs.

For example, all account security settings regarding site password strength, re-use, expiration, and lockout have been added to a new account security settings section. Included are new pre-set capabilities, as well as the ability to create a custom collection of settings that match your organization’s needs.

Additionally, we have added the powerful ability to require personal X.509 certificates of document signers. Granular settings allow this to be specified per document or across the account. This provides a new layer of irrefutability to documents signed in ongoing business partnerships and in instances where the highest level of security is required.

For our existing clients, documentation has been added for all new settings, and we have introduced another guideline for system administrators entitled "Security Best Practices" which will be made available online with the release. This document provides examples of specific scenarios and explains how security-related settings may be combined to accomplish certain business goals.

To the goal of meeting certain regulatory requirements, we are happy to say that our HIPAA Compliance Plan was formalized by management approval in January; all customer care staff, software engineers and IT department staff have completed HIPAA privacy and security training. Security has always been a primary concern of our organization; this move to address Electronic Protected Health Information illustrates our commitment to addressing the needs of specific industries.