VolkSign maintains a comprehensive written information security program consisting of policies, standards, procedures, and related documentation that define the criteria, methods, and measures governing the processing and protection of Customer Content and the VolkSign systems or networks used to process or secure Customer Content (“VolkSign Information Systems”) in connection with providing the Services under the Agreement.
The security of data, including Customer Content accessed, stored, shared, or otherwise processed through VolkSign Services, is a shared responsibility between VolkSign and the Customer. VolkSign is responsible for implementing and operating its information security program, while the Customer is responsible for properly managing user access, permissions, and configuration of features within the Services.
VolkSign ensures that its personnel:
Are bound by confidentiality obligations that provide protection for Customer Content; and
Receive appropriate training related to the processing and protection of Customer Content.
In accordance with its information security program, VolkSign implements commercially reasonable physical, organizational, and technical controls designed to:
Ensure the security, integrity, and confidentiality of Customer Content; and
Protect Customer Content against anticipated threats, unauthorized access, accidental loss, alteration, or disclosure.
VolkSign maintains processes to keep VolkSign Information Systems up to date with relevant upgrades, patches, bug fixes, and new versions.
Firewalls are configured and maintained to protect Customer Content and VolkSign’s non-public systems.
VolkSign uses up-to-date anti-malware and anti-virus solutions with automatic updates to mitigate risks from malicious software, including viruses, ransomware, spyware, and other threats.
VolkSign regularly tests its security systems, processes, and controls to verify effectiveness and compliance with these Security Practices.
VolkSign maintains access control policies governing personnel access to VolkSign Information Systems:
Unique user IDs are assigned to authorized personnel
Access is limited to individuals with a legitimate business need
Access rights are reviewed periodically and revoked when no longer required
Strong password policies and multi-factor authentication are enforced
Default system passwords are not used
Credentials must remain confidential and are not shared
VolkSign enforces information security, confidentiality, and acceptable use policies and monitors compliance.
Development and testing environments are logically separated from production systems that process Customer Content.
VolkSign follows industry-recognized standards, such as NIST SP 800-88, to ensure Customer Content is rendered unrecoverable before media disposal.
Remote access to private VolkSign networks requires encrypted VPN connections with multi-factor authentication.
VolkSign uses industry-standard encryption consistent with recognized security frameworks to encrypt Customer Content both in transit and at rest. Only encrypted connections are permitted for data transfer.
Any third parties engaged by VolkSign are required to maintain security standards comparable to those outlined in these Security Practices.
VolkSign may use third-party cloud service providers to host and process Customer Content. Such providers maintain industry-standard physical and technical safeguards and conform to recognized security certifications such as ISO 27001 or equivalent.
These providers must:
Maintain physical access controls
Use environmental monitoring and fire suppression systems
Restrict access to authorized personnel
Maintain business continuity and disaster recovery plans
Annual independent audits and risk assessments are conducted for critical providers.
VolkSign maintains a disaster recovery and business continuity program designed to restore Services following an incident. This includes:
Regular backup validation
Annual review of critical systems
Periodic testing and updates of recovery procedures
VolkSign will notify Customers without undue delay upon confirmation of a Security Breach. Notifications will be sent to the Customer’s registered contact email.
VolkSign will investigate, contain, and remediate Security Breaches in accordance with its incident response procedures and provide relevant information to support Customer compliance obligations.
Attempts that do not result in unauthorized access—such as port scans or failed login attempts—are not considered Security Breaches.
Security incidents caused by Customer misconfiguration, credential compromise, or unauthorized sharing of access are not considered Security Breaches attributable to VolkSign.
VolkSign’s response to a Security Breach does not constitute an admission of fault or liability.
VolkSign conducts ongoing monitoring, risk assessments, and security reviews.
Independent third-party audits may be conducted in accordance with recognized standards (such as SOC 2). Audit reports are treated as confidential and may be shared upon written request, subject to confidentiality obligations.
VolkSign conducts regular penetration testing and vulnerability assessments performed by independent security professionals.
Agreement – The contract governing use of the Services
Customer – The individual or entity using VolkSign Services
Customer Content – Any data, documents, or materials uploaded to the Services
Process – Any operation performed on Customer Content
Security Breach – Unauthorized access, loss, or disclosure of Customer Content
Services – VolkSign’s electronic signature and document management services
VolkSign Personnel – Authorized individuals processing Customer Content
User – Any authorized individual accessing the Services
VolkSign maintains a comprehensive written information security program consisting of policies, standards, procedures, and related documentation that define the criteria, methods, and measures governing the processing and protection of Customer Content and the VolkSign systems or networks used to process or secure Customer Content (“VolkSign Information Systems”) in connection with providing the Services under the Agreement.
The security of data, including Customer Content accessed, stored, shared, or otherwise processed through VolkSign Services, is a shared responsibility between VolkSign and the Customer. VolkSign is responsible for implementing and operating its information security program, while the Customer is responsible for properly managing user access, permissions, and configuration of features within the Services.
VolkSign ensures that its personnel:
Are bound by confidentiality obligations that provide protection for Customer Content; and
Receive appropriate training related to the processing and protection of Customer Content.
In accordance with its information security program, VolkSign implements commercially reasonable physical, organizational, and technical controls designed to:
Ensure the security, integrity, and confidentiality of Customer Content; and
Protect Customer Content against anticipated threats, unauthorized access, accidental loss, alteration, or disclosure.
VolkSign maintains processes to keep VolkSign Information Systems up to date with relevant upgrades, patches, bug fixes, and new versions.
Firewalls are configured and maintained to protect Customer Content and VolkSign’s non-public systems.
VolkSign uses up-to-date anti-malware and anti-virus solutions with automatic updates to mitigate risks from malicious software, including viruses, ransomware, spyware, and other threats.
VolkSign regularly tests its security systems, processes, and controls to verify effectiveness and compliance with these Security Practices.
VolkSign maintains access control policies governing personnel access to VolkSign Information Systems:
Unique user IDs are assigned to authorized personnel
Access is limited to individuals with a legitimate business need
Access rights are reviewed periodically and revoked when no longer required
Strong password policies and multi-factor authentication are enforced
Default system passwords are not used
Credentials must remain confidential and are not shared
VolkSign enforces information security, confidentiality, and acceptable use policies and monitors compliance.
Development and testing environments are logically separated from production systems that process Customer Content.
VolkSign follows industry-recognized standards, such as NIST SP 800-88, to ensure Customer Content is rendered unrecoverable before media disposal.
Remote access to private VolkSign networks requires encrypted VPN connections with multi-factor authentication.
VolkSign uses industry-standard encryption consistent with recognized security frameworks to encrypt Customer Content both in transit and at rest. Only encrypted connections are permitted for data transfer.
Any third parties engaged by VolkSign are required to maintain security standards comparable to those outlined in these Security Practices.
VolkSign may use third-party cloud service providers to host and process Customer Content. Such providers maintain industry-standard physical and technical safeguards and conform to recognized security certifications such as ISO 27001 or equivalent.
These providers must:
Maintain physical access controls
Use environmental monitoring and fire suppression systems
Restrict access to authorized personnel
Maintain business continuity and disaster recovery plans
Annual independent audits and risk assessments are conducted for critical providers.
VolkSign maintains a disaster recovery and business continuity program designed to restore Services following an incident. This includes:
Regular backup validation
Annual review of critical systems
Periodic testing and updates of recovery procedures
VolkSign will notify Customers without undue delay upon confirmation of a Security Breach. Notifications will be sent to the Customer’s registered contact email.
VolkSign will investigate, contain, and remediate Security Breaches in accordance with its incident response procedures and provide relevant information to support Customer compliance obligations.
Attempts that do not result in unauthorized access—such as port scans or failed login attempts—are not considered Security Breaches.
Security incidents caused by Customer misconfiguration, credential compromise, or unauthorized sharing of access are not considered Security Breaches attributable to VolkSign.
VolkSign’s response to a Security Breach does not constitute an admission of fault or liability.
VolkSign conducts ongoing monitoring, risk assessments, and security reviews.
Independent third-party audits may be conducted in accordance with recognized standards (such as SOC 2). Audit reports are treated as confidential and may be shared upon written request, subject to confidentiality obligations.
VolkSign conducts regular penetration testing and vulnerability assessments performed by independent security professionals.
Agreement – The contract governing use of the Services
Customer – The individual or entity using VolkSign Services
Customer Content – Any data, documents, or materials uploaded to the Services
Process – Any operation performed on Customer Content
Security Breach – Unauthorized access, loss, or disclosure of Customer Content
Services – VolkSign’s electronic signature and document management services
VolkSign Personnel – Authorized individuals processing Customer Content
User – Any authorized individual accessing the Services