Is SigningHub compliant with any legislation and regulations concerning digital/ electronic signing?
Yes. SigningHub complies with the following legislations and regulations:
- EU Directive on Electronic Signatures
- EU Qualified Signatures
- US E-Sign Act
- FDA's 21 CFR Part 11
- UETA (Uniform Electronic Commerce Act)
- GPEA (Government Paperwork Elimination Act)
- SigningHub can also be used with industry credentials e.g. Adobe CDS®, SAFE-BioPharma®
No matter which country, jurisdiction, regulation or industry you belong, let us know to deal with your electronic signing requirements.
Is there any standard that SigningHub follow for digital signatures?
Yes. SigningHub digital signatures meet the following standards:
- ISO PDF,
- PDF/A and
- ETSI PAdES.
Are the generated signatures trusted by Adobe Acrobat Reader?
It depends whether the Root CA, to which your digital signing certificate is chained, is trusted in Adobe Acrobat Reader or not. Some public CA hierarchies are by default trusted in Adobe Acrobat Reader e.g. Adobe Root CA and GlobalSign Root CA. For the rest of the root CAs, all you need is to manually trust the Root CA that has issued the signing certificates. Click here to read more about this.
How secure is the SigningHub solution?
SigningHub provides the following security measures:
- All the network communications are conducted via SSL by using GlobalSign's issued trusted EV SSL cert.
- The servers run the latest patches of antivirus.
- All the documents are encrypted with AES 256 length key before being saved.
- The users' passwords are also encrypted before storing in the database.
- The users can optionally set passphrase, OTP, time-period based security to open a document.
- SigningHub provides two secured ways to sign the documents, i.e. Certificate ownership protected by SigningHub and/ or User owned certificate protected with User password.
- The users can also buy service plan which allows SMS based OTP for authentication.
How secure is the private information of a user within SigningHub?
Which practices do you recommend to secure my account?
You can beef up the security of your account by following these considerations:
- Don't leave your machine while you have logged into SigningHub.
- Use a difficult security question at the time of registration.
- Use a strong alphanumeric (including upper and lower case characters and special characters) password with at least 10+ length.
- In order to have multi factor authentication, use a smart card. In this case, the smart card PIN will also be required at signing time.
- To further secure the login, you can deploy in-house SigningHub and enable SSL Client authentication.
- Enable OTP based authentication. This is another form of multi factor authentication done at the time of signing the document. Contact us if you are interested to buy such a service.
What should I do if I think that my account is misused / hacked?
I want to use OTP with signing, what should I do?
Choose an appropriate service plan that includes OTP feature. You may also request for a custom service plan with OTP and other features enabled. Once you have got the required service plan, configure your mobile number (with correct country code and area code) inside your profile. Now when you send a document with the OTP security configured, you will have to provide the OTP received on your mobile device.
What audit trail features does SigningHub provide?
SigningHub provides the complete audit trial of each activity, either performed on document workflow level or on user account level. In this regard, SigningHub provides the following provisions:
- Basic document logging in the form of Document Log that covers different actions performed on a particular document (i.e. user name, performed activity, description, low level details of each action) with respective date and time stamps.
- Basic user logging in the form of Activity Logs that cover actions performed by a particular user (type, performed activity, description, low level details of each activity) with respective date and time stamps.
- Detailed logging in the form of Workflow Evidence report that furnishes complete logs of each activity performed within a document workflow by all recipients with respective details.
SigningHub Security Configurations 2020
Chrome has implemented the new model with Chrome 80 in February 2020. Mozilla and Microsoft have also indicated intent to implement the new model in Firefox and Edge, on their own timelines. (If you need further information regarding these changes please follow this link)
So, amid these security changes, we want to update all our SigningHub customers who have active outbound rules and are using the SigningHub version earlier then 7.7.7 then they need to make the following changes in the web.config file:
- Open *SigningHub Installation Directory*/web/web.config
- Open the web.config file
- Replace SameSite=Lax with SameSite=None
- Replace requireSSL="false" with requireSSL="true, in the httpCookies tag
- Save the file
- Restart the IIS Server