Security and data protection

Security

We comply with the highest security standards and guarantee a high level of confidentiality, integrity, and accessibility in our services by implementing our Information Security Management System (ISMS):

ISO/IEC 27001:2014

At Signaturit, we have passed the corresponding audit that certifies that our ISMS complies with the ISO/IEC 27001:2014 standard.

ISO 27001 is an information security standard that was originally published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

This standard’s security approach is based on globally recognized standards. These standards describe the requirements that any organization’s information security management systems (ISMS) must meet to be considered secure.

Safety by Design

We have defined development processes for creating safe products. These processes guide the activities that product teams must follow in the different stages of development (requirements, design, implementation, and launch). We also perform numerous security activities for trust services, including:

internal security reviews before launching the product;
periodic penetration tests (PENTEST) performed by independent third-party contractors;
modelling service threats, including documenting any detected attacks.

Employee training

Signaturit employees periodically undergo the company’s security and privacy training, covering security policies, best security practices, and the company’s privacy principles, among other topics.

At Signaturit, we also undergo phishing awareness campaigns and notify employees of emerging threats.

Data Protection

As qualified trust service providers and trusted third parties, it is our duty and commitment to comply with the highest security standards in terms of information security and data protection:

Your data is safe with Signaturit

We fully comply with EU Regulation No. 2016/679 regarding protections for processing the personal data of natur persons and the free circulation of these data (GDPR), and with Organic Law 3/2018 on data protection and guaranteeing digital rights. It is our priority to properly manage personal data protection through our platform.

Proactive Responsibility Principle and Security Measures

In order to, we have implemented various security measures to put the proactive responsibility principle into practice.
Here are some of them:

We have appointed a DPO, who can be contacted at the following email address: dpo@signaturit.com dpo@signaturit.com.
We keep an updated Data Processing Activity Registry.
We double encrypt the data, both when signing and when storing the information.
All our signature requests contain a time-stamp that ensures the document is completely inalterable from the moment it is signed.
We have identification systems for the media we work with.
We have a daily backup routine to make copies of our computer systems, in line with our Back-up Policy.
We carry out Data Protection Impact Assessments every two years.
We carry the ISO 27001 certification regarding our Information Security Management System.

On bionetric data processing

According to the GDPR, biometric data is understood as those “personal data obtained from a specific technical process, related to the physical, physiological, or behavioural characteristics of a natural person that allow for or confirm the unique identification of said person, such as facial images or fingerprint data.”

Given that the GDPR considers biometric data to be a special category of personal data, the consent of the owner is required to process said data in compliance with article 9.2 of the GDPR. With this in mind, before collecting biometric data, Signaturit requests the express consent of the signer by having him or her fill in a mandatory checkbox within the signing process.