E-Sign
E-Sign is a leading provider of eIDAS compliant, secure electronic signatures and digital document management solutions. The electronic signature platform enables users to create, e-signature, send documents, negotiate contracts, accept payments, and create automated workflows. E-Sign offers a range of e-signature services, supporting unified digitalisation and simplified document transaction management.
Features
- eIDAS Electronic Signatures
- Workflow Implementation and Onboarding
- Easy-to-use E-Signature Platform
- Integration into Existing Applications
- Advanced Audit Trial
- Digital Signature Certificate
- Secure Document Storage
- Real time ID Verification with the E-Sign ID Checker
- Electronic Consent
- Digital Signature Certificate
Benefits
- Significant reduction in document processing time
- Improved compliance
- Increased data and document security
- Environmentally friendly
- Electronically sign documents from anywhere, on any device
- Works with the applications you already use
- Lower transaction costs
- Trusted electronic signature service provider
- Cut down on stationary, storage and postage costs
- Carbon Counter to track carbon reduction
Pricing
£96 a licence a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 2 4 2 6 1 7 1 1 0 4 7 7 0 8
Contact
E-Sign UK ltd
Tom Taylor
Telephone: (+44) 0330 057 3001
Email: thomas.taylor@esign.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Salesforce, Sharepoint, Power automate, Zapier
- Cloud deployment model
- Private cloud
- Service constraints
- No
- System requirements
- Users will need to have an E-Sign subscription/licence
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- https://www.esign.co.uk/service-level-agreement/
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- The web chat can be accessed from the E-Sign platform or website on all browsers and devices.
- Web chat accessibility testing
- None
- Onsite support
- Yes, at extra cost
- Support levels
-
E-Sign has a live chat function to assist with any support queries, as well as via telephone or email. We offer remote sessions if the issue cannot be resolved by phone and have an SLA, which can be adapted to client requirements.
E-Sign will provide 24/7 critical server support and systems monitoring to clients. All normal queries or development support issues will be responded to within 2 hours during the times of 08:00-18:00 Monday to Saturday.
Our servers within our datacentre have maintained 99.99 % availability. Our servers have multiple power and cooling distribution paths, and include redundant components (N+1). The servers are continually monitored 24 hours per day. If there were to be an issue at the primary data centre, the disaster recovery server would replicate the platform and initialise within 40 minutes.
Maintenance and updates take place between 00:00 and 02:00 on Saturday and Sunday mornings. Scheduled downtime may be necessary for E-Sign to carry out essential maintenance or network upgrades. They will be kept to a minimum and scheduled to minimise disruption. E-Sign will aim to provide 7 days notice and in the event that such notice is impossible will provide the maximum period of notice practicable. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
The Account Manager works with the Client to complete a Business Value Map. This is a breakdown of the strategic goals and desired outputs for the application of E-Sign. The Account Manager then provides an implementation report detailing the different phases and required resources from the client to complete the implementation effectively.
Within this report, E-Sign provides the key milestones and the risk mitigating criteria to achieve the implementation schedule. The Account Manager will have a scheduled meeting/s with the client’s key stakeholders to build up a series of use cases. This helps the project manager to implement E-Sign effectively and provide user specific support documentation where required. Post implementation of E-Sign, there is a period of user acceptance testing and support for the key stakeholders and users of the software.
Information on our Implementation and UAT can be found in our Service Level Agreement on our website. E-Sign's intuitive web based application offers the user to simply set up an account and start using the platform with little work needed. The Account Manager within E-Sign will support the client during the process to ensure all users and departments are set up correctly and have access to all functionality. - Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- Users can download all of their of documents from the E-Sign dashboard.
- End-of-contract process
- The payment terms are identified between E-Sign and the Client as part of the Business Value Map process. i.e. 30 days. The payment terms are then factored into the end of contract process. As the end of contract approaches, the licence renewal has to be agreed, followed by the order form signed and invoice issued prior to the renewal date and in line with the clients payment terms. For example, the licence renewal date is the 15th of April and the client operates to 30-day payment terms. The client is required to have agreed the licence, signed the order form and took receipt of the renewal invoice by no later than the 15th of March.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mainly use of touch gestures for scrolling / interacting with features on mobile vs mouse / keyboard on desktop.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- We pride ourselves on our user-friendly platform which has been designed to make document management easy. The user dashboard has an account settings section, personal folders to store documents, themes to personalise your dashboard, an address book and a direct link to the User Guides. The interface is interactive, with documents showing as pending or completed and a live carbon counter to track the amount of carbon that is saved. Signers are colour coded to distinguish between multiple signers on a document and the ‘recent activity’ provides a quick way to see documents currently being created and processed for signing.
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- User acceptance testing.
- API
- Yes
- What users can and can't do using the API
- https://www.esign.co.uk/products/api-developer-portal/
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- E-Sign solutions offer a tailored approach to meet your specific needs, providing a variety of additional e-signature features and services, including eConsent, eWitnessing, ID Checker, Web Forms and Payment Processing. Customise your eSignature by drawing, typing, or uploading an image of your signature, adding a secure and recognisable mark to your digital transactions. Choose from a selection of personalisation colours to change the theme of your dashboard. Ensure consistent and strong branding across all communications by sending eSigned documents through with the personalised email feature. Save time with customisable document templates for efficiently sending the same document to multiple recipients. Create personalised embedded Web Forms to gather precise customer information relevant to your business. Additionally, utilise the API connector to seamlessly integrate E-Sign with your existing applications, enabling the creation of automated workflows and streamlining processes. All users of E-Sign can use customise their dashboard and signature, however advanced customisation features are only available on specific plans.
Scaling
- Independence of resources
- E-Sign servers within our datacentre have maintained multiple power and cooling distribution paths, and include redundant components (N+1). Data 99.99 % Availability. Our servers have centre facilities includes N+1 on all components and multiple LV path options. The servers are continually monitored 24 hours per day. If there was an issue at the primary data centre, the disaster recovery server would replicate the platform and initialise within 40 minutes. If circumstances force E-Sign from its current premises, access to the data centre business continuity centre will allow E-Sign to re-create both our office and IT environment very quickly.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Envelope usage, monthly filters
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Users can download their documents
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
-
- CSV
- Other
- Other data import formats
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- https://www.esign.co.uk/service-level-agreement/
- Approach to resilience
- Available on request
- Outage reporting
- Email alerts and API. Public dasboard (status page) coming soon.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
E-Sign ensures privileged users carry out their administrative duties in a ‘clean’ (more trusted) environment.
E-Sign ensure privileged users handle their email and web browsing in a separate ‘dirty’ (less trusted) environment.
The ‘dirty’ environment is designed in a way that anticipates compromise, consequently, the breach doesn't have a big impact on our important systems.
E-Sign uses strong authentication mechanisms, including 2-factor authentication. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 24/03/2023
- What the ISO/IEC 27001 doesn’t cover
- None UK offices
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- Viking cloud
- PCI DSS accreditation date
- 27/02/2024
- What the PCI DSS doesn’t cover
- N/A
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
Cyber Essentials Plus
PSN - Information security policies and processes
- E-Sign conforms to ISO 27001 and ETSI standards, which are required to provide trust services. E-Sign uses a traditional vertical reporting structure. E-Sign employees are required to read the latest versions of company policies and procedures, via specialist training software, confirming once they have done so. Internal assessments are also carried out to measure employee training.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
The Senior Management Team of E-Sign identify any potential changes, this is then delegated to a responsible person as a “project manager”.
He or she will conduct a “research background” to determine the feasibility of the changes with regards to:-
• Purpose of the change
• Any potential consequences
• Integration of the quality management system
• The availability of resources
• The allocation or reallocation of responsibilities and authorities
• Technical Skills
• Timescales
• Risks
• Impact
Once completed this then forms part of the Management Review together with including within the internal audit schedule. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
E-Sign uses variety of tools and solutions to prevent and address cyberthreats. These include:
Asset discovery and inventory - tracking and maintaining records of all devices, software and servers.
Vulnerability scanners - testing against systems and networks.
Patch management - Keeping E-Sign computer systems up to date with the latest security patches.
Configuration Management - Ensures that devices are configured in a secure manner.
Security incident and event management(SIEM) - consolidates security information
Penetration testing -find and exploit vulnerabilities in computer systems.
Threat intelligence - track, monitor, analyse potential threats.
Remediation vulnerabilities - Generating remediation tickets. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
E-Sign keeps accurate and comprehensive audit logs in order to detect and react to inappropriate access to, or use of, information systems or data. If a potential compromise is detected, then these steps are followed:
Identification of the issue, Initial investigation, Immediate actions, Analysis and Remediation. E-Sign aims to respond to a cyber threat in under one hour. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Identify an incident and log it using the incident report form. E-Sign will categorise and prioritise the incident, respond with an initial diagnosis, and escalate the issue to the relevant team, ensuring communication is clear and concise. Next, investigation and diagnosis take place before resolution and recovery. Finally, once preventative actions are shown to be effective, the issue can be closed.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Public Services Network (PSN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
E-Sign have a responsibility to contribute solutions to climate change. We’re lucky to have some brilliantly diverse people leading our climate work across the business who are committed to the world’s forests by contributing towards saving paper. E-Sign staff have also been involved in initiatives such as tree planting, to combat climate change. Our solutions enable businesses to reach their net zero goals through abolishing the need for paper-based processes. Our platform also features a carbon counter, so users can see exactly how much carbon they’re saving from being emitted through using digital documents.Covid-19 recovery
Throughout the Coronavirus pandemic, E-Sign has been helping businesses mobilise, stabilise and return to work. During the post-COVID-19 recovery period, we’re helping these same businesses find opportunities while becoming stronger – including building resilience to navigate future shocks, by implementing robust digital solutions.Tackling economic inequality
Social purpose is woven into E-Sign’s fabric. E-Sign is committed to tackling economic inequality at the root by creating new businesses and new employment opportunities, to improving education and training. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.Equal opportunity
E-Sign is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. E-Sign’s has an EEO Policy in place, which is the standard which everybody within the organisation adheres too.Wellbeing
E-Sign is committed to providing a healthy working environment and improving the quality of working lives for all staff. The wellbeing strategy aims to support the E-Sign’s mission and core values of freedom of thought and expression, freedom from discrimination and the recognition that E-Sign’s staff are its greatest asset.
Pricing
- Price
- £96 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- E-Sign offers a 14 day free trial for users to test our platform and its features. During the trial, users can send up to 5 envelopes and have access to 5 pre-built templates that can be customised and sent. No card details are required to set up a free trial.
- Link to free trial
- https://www.esign.co.uk/register/