We comply with the highest security standards and guarantee the highest level of confidentiality, integrity, and accessibility in our services, by implementing our Information Security Management System (ISMS).

ISO/IEC 27001:2014

We passed the corresponding audit that certifies that our ISMS complies with the ISO/IEC 27001:2014 standard.

ISO 27001 is an information security standard that was originally published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

This standard’s security approach is based on globally recognised standards. These standards describe the requirements that any organisation’s information security management systems (ISMS) must meet to be considered secure.

Safety by Design

We have defined development processes for creating safe products. These processes guide the activities that product teams must follow in the different stages of development (requirements, design, implementation, and launch). We also perform numerous security activities for trust services, including:

Employee training

All Signaturit employees periodically take security and privacy training, which covers security policies and practices, and the company’s privacy principles, among other topics.

We also do phishing awareness campaigns, and notify employees of emerging threats.


Data Protection

As qualified trust service providers and trusted third parties, it’s our duty and commitment to comply with the highest security standards in terms of information security and data protection.

Your data is safe with Signaturit

We fully comply with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and with Spanish Organic Law 3/2018 on data protection and guaranteeing digital rights. It is our priority to properly manage personal data protection through our platform.

Proactive Responsibility Principle and Security Measures

In order to comply with all our obligations regarding the protection of personal data, we’ve implemented various security measures to put the proactive responsibility principle into practice. Here are some of them:

On biometric data processing

According to the GDPR, biometric data is understood as “personal data obtained from a specific technical process, related to the physical, physiological, or behavioural characteristics of a natural person that allow for or confirm the unique identification of said person, such as facial images or fingerprint data.”

Given that the GDPR considers biometric data to be a special category of personal data, the consent of the owner is required to process that data, in compliance with article 9.2 of the GDPR. With this in mind, before collecting biometric data, Signaturit requests the express consent of the signatory, by having them fill in a mandatory checkbox in the signing process.


More than 2500 companies already trust us