Rigorous Certification Reaffirms AssureSign’s High Quality Operational Standards and Controls

AssureSign LLC, a leader in electronic signature technology, today announced its successful completion of an enterprise-wide SAS-70 Type I audit, demonstrating AssureSign’s commitment to safeguarding customer data by meeting the strictest industry standard.

The SAS-70 Type I certification designates that adequate controls and safeguards are in place and operating effectively in regards to customer data that is hosted or processed by AssureSign. These high quality operations are required today by all industries, particularly by organizations that deal with financial transactions or critical data.

The SAS-70 audit, issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), defines the professional standards used by a service auditor to assess the internal controls of a service organization. It was developed for service providers who wish to demonstrate the establishment of effectively designed control objectives and control activities, and has become one of the most widely recognized auditing standards for service organizations.

The scope of AssureSign’s SAS-70 audit is not exclusive to its world-class, mission critical data center; it incorporates controls from every aspect of AssureSign’s operational process including: human resources, information technology physical security, information technology logical security, client provisioning and account maintenance, accuracy and timeliness of transaction processing, application development, testing and change management, and statutory compliance.

“Achieving SAS-70 compliance demonstrates our commitment to protecting our customers’ sensitive data,” said David Brinkman, AssureSign’s chief executive officer. “AssureSign customers can feel confident regarding the controls that we maintain, ensuring the security of customer data and providing the highest level of integrity.  We are proud of this very significant investment in time and resources and know it significantly sets us apart from our peers and competitors.”  

Ongoing SAS-70 auditing will continue to reassess and improve AssureSign’s security and compliance best practices. SAS-70 Type II certification is expected to be completed in early 2010.

“The SAS-70 audit is the definitive overview by which a service provider can validate its operating effectiveness,” said Steven Cardillo, AssureSign’s chief financial officer. “Earning Type II certification of our services facilities will illustrate our dedication to the highest standards of service for our customers.”

Today, AssureSign is releasing  the latest version of its Salesforce tool, AssureSign for Salesforce CRM v 1.4.0. This new version includes an immediate presentment feature for documents. This feature enables documents to be signed when the document originator and signatory are face-to-face in the same location, such as a customer in a sales office. When the immediate presentment option is selected, a list of available signatories for the current signing step appears. The AssureSign landing page opens in a new window upon selection of a signatory and the signing process may begin.

To ensure signatory security is maintained and immediate presentment is used only according to corporate rules, system administrators may specify which documents may be presented for an immediate signature by modifying settings on templates in the AssureSign administration site,  and may be globally turned on and off from the AssureSign settings section within Salesforce.  The immediate presentment feature thus provides a powerful new option allowing the customer to sign in the most efficient way according to your sales model.

As part of AssureSign’s security enhancements, AssureSign for Salesforce CRM v 1.4.0 also includes the option to set passwords for completed documents.  This important feature works hand in hand with the security settings added in the AssureSign v 2.0.3 release to ensure links to completed documents maintain the security intended when the document template was designed.

Customers may access the latest release of AssureSign for Salesforce CRM at https://login.salesforce.com/?startURL=%2Fpackaging%2FinstallPackage.apexp%3Fp0%3D04t700000007u8D. Previous versions of AssureSign should not be uninstalled prior to installation or data may be lost. If you require assistance with installation or have any questions, please contact AssureSign at support@assuresign.com.

AssureSign LLC, a leader in electronic signature technology, officially unveiled the latest release of its AssureSign product, AssureSign v2.0.3. With this new release, AssureSign delivers a higher degree of security and compliance.

AssureSign is a web-hosted service that facilitates the managed processing of documents in an all-digital, highly secure, mission critical, environment. The primary focus of the latest release is the addition of security features to enhance AssureSign’s ability to match the enterprise-level security requirements mandatory for compliance by companies in financial services, healthcare, and numerous other industries.  New features include account security settings regarding password strength, re-use, expiration and lockout, as well as the ability to require personal X.509 certificates for document signers.

To further the goal of meeting clients’ regulatory requirements, AssureSign formalized a HIPAA Compliance Plan in January 2009. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, and patient confidentiality. All customer care staff, software engineers and information technology department staff have completed HIPAA privacy and security training. This move to address Electronic Protected Health Information illustrates AssureSign’s commitment to addressing the needs of specific industries with regard to security.

AssureSign is also in the process of earning an enterprise-wide SAS 70 certification. A SAS 70 certification represents that a service organization has been through an in-depth audit of their control objectives and control activities, including controls over information technology and related processes. SAS 70 certification demonstrates that a service organization has adequate controls and safeguards when hosting or processing data belonging to customers.  Type 1 certification will be completed in the second quarter of 2009, and Type  2 certification is expected near the end of the year.

“Our SAS 70 initiative is focused on the entire range of services, infrastructure, processes and back office systems used to deliver the AssureSign solution to our customers.  This differentiates us from those who simply state that their servers are located elsewhere in a SAS 70 data center.   If you understand what SAS 70 means, you understand the difference, “ said David W. Brinkman, AssureSign’s Chief Executive Officer. “With the release of our enhanced security version and the various measures we’ve taken to ensure we remain compliant, AssureSign now offers unparalleled security, further enhancing our electronic signature technology. And since AssureSign is a Software-as-a-Service (SaaS) application, existing customers can immediately have this new functionality without having to upgrade any software on their system.”

We will be releasing AssureSign version 2.0.3 to our production environment this week, and I would like to explain some of the more compelling features that will become available to our clients. The primary focus of this release was the addition of security features to enhance our ability to match enterprise-level security needs for some of our clients; we recognize that financial services, healthcare and other industries require a certain level of compliance in regards to security, and we are adding features to meet these needs.

For example, all account security settings regarding site password strength, re-use, expiration, and lockout have been added to a new account security settings section. Included are new pre-set capabilities, as well as the ability to create a custom collection of settings that match your organization’s needs.

Additionally, we have added the powerful ability to require personal X.509 certificates of document signers. Granular settings allow this to be specified per document or across the account. This provides a new layer of irrefutability to documents signed in ongoing business partnerships and in instances where the highest level of security is required.

For our existing clients, documentation has been added for all new settings, and we have introduced another guideline for system administrators entitled "Security Best Practices" which will be made available online with the release. This document provides examples of specific scenarios and explains how security-related settings may be combined to accomplish certain business goals.

To the goal of meeting certain regulatory requirements, we are happy to say that our HIPAA Compliance Plan was formalized by management approval in January; all customer care staff, software engineers and IT department staff have completed HIPAA privacy and security training. Security has always been a primary concern of our organization; this move to address Electronic Protected Health Information illustrates our commitment to addressing the needs of specific industries.

AssureSign LLC, a leader in electronic signature technology, officially released the latest offering of its AssureSign product, AssureSign v2.0.2 on January 30, 2009. This new release offers a host of new features and options that further enhance the management of the application as well as the customer experience when signing documents electronically.  Some highlights of the new offering include:

• Certified Signature – AssureSign’s biometric electronic signature technology has been broadly accepted as providing one of the most comprehensive service-based, electronic, hand-written signatures on the market today.   AssureSign v2.0.2 introduces a certified signature alternative, which visually distinguishes typed signatures from other typed data input areas created in the signature process. Printed metadata, including date and timestamp, IP address and unique document identification number, appears embedded around the signature data to authenticate the signature.
  
• Customization and Branding – A signature-site customization tool enables account administrators to import custom logos or graphics, add custom messages and page header information, and embed links that will be displayed during the signing process.
  
• Enhanced Integration – Settings that allow users to customize the default redirection URL upon signing step completion for tighter integration of the signing experience into their existing business process workflow.
  
• Enhanced Forensics – Document creators have exposure to signatory IP addresses in document lifecycle reporting.
  
• Improved License Management – Easier visibility and access to per-seat license settings, with online ability to request additional licenses.
  
• Enhanced Security and Document Validation – An online document validation tool allows users with a document signed via AssureSign to validate its authenticity and confirm that the document has not been tampered with.

“Enhancements in AssureSign 2.0.2, particularly the ability to choose between biometric and certified signatures, are significant to the usability of the product,” said David W. Brinkman, AssureSign’s Chief Executive Officer. “Users now have the capability to customize AssureSign to reflect their personal preferences and coincide with their organization’s look and feel, enriching the end user experience. And since AssureSign is a Software-as-a-Service (SaaS) application, existing customers can immediately have this new functionality without having to upgrade any software on their system.”