Entrust Datacard (Europe) Limited

Entrust Workflow Signing Service

Entrust Workflow Signing Service (Signhost) provides secure and seamless e-signing for all types of organizations. Upload your documents, add verification methods (AES and QES) and have them digitally signed within minutes. The service is used through our stand-alone web portal or integrated in your software through our API.

Features

• Use directly via web portal or app
• Web forms (generate signed contracts directly through your own website)
• Easy integration with API
• Connected with more than 100 partners and software solutions
• Integrated with Entrust solutions (e.g. IDaaS, RSS, SAS)
• Several e-id’s available using CSC and OIDC standards
• Option to support own branding

Benefits

• Wide portfolio of multiple identity verification and signing methods
• International platform for Verified Signing (AES/QES) and IDV
• Independent evidence, with transaction receipt
• 100+ software partners and integrations
• Cloud-based solution that meets the demands of a remote workforce
• Ease of set up and management
• Signs document from anywhere, at any time
• Low cost of ownership

£2,535.43 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

975201400815963

Contact

Robert Hann
07818 552411
robert.hann@entrust.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Entrust’s Signing Automation Service; Entrust’s Remote Signing Service; Entrust’s IDaaS Service
• Cloud deployment model: Public cloud
• Service constraints: Not appllicable
• System requirements: Access via any current up-to-date web browser is supported.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: From 9:00 hours to 17:00 hours Central European Time (CET), Monday through Friday, with the exception of Dutch public holidays (“Working Hours”) ; Priority 1 - response time 30 minutes - resolution time 4 hours; Priority 2 - response time 30 minutes - resolution time 8 hours; Priority 3 - response time 30 minutes - resolution time 16 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Not applicable
• Web chat accessibility testing: Not applicable
• Onsite support: Yes, at extra cost
• Support levels: From 9:00 hours to 17:00 hours Central European Time (CET), Monday through Friday, with the exception of Dutch public holidays (“Working Hours”) ; • Service Level Agreement (SLA) available upon extra payment.; o Support with emergency number outside office hours;; o Response time for prio 1 failures (No signature possible in production system);; o Escalation and direct contacts;; o On-line reporting on availability, incidents and maintenance;; o Possibility to perform penetration test/security audit;; o Insight into latest features and possibility to try them out.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The customer success team is available to guide all new customers in the onboarding process. Initial setup and activation is closely monitored by the customer success team.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Customer is responsible for extracting their own data. Documents are automatically removed after 3 months.
• End-of-contract process: A quote/subscription is valid for 30 days. The contract period is for 1 year, with a cancellation notice period of 1 month before the expiration date of the contract. Without cancellation, the contract will be automatically extended for one year with the same subscription of the expired contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop versions of the service.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Accessible from any web browser, a dashboard can show the status of the signing transaction.
• Accessibility standards: None or don’t know
• Description of accessibility: Not applicable
• Accessibility testing: Not applicable
• API: Yes
• What users can and can't do using the API: The Signhost API is RESTful and HTTP-based. The API is used to integrate with third party applications so documents can be sent out for signing with the required identification method. With our postback service real time status updates on the transaction will be provided. Signed documents can be stored in the third-party application.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: A customer can have multiple options of customization with colours and logos. For example, branding of the signing screen, branding of the emails, and using own email domain for sending out signing requests.

Scaling

• Independence of resources: Entrust’s solution has been developed for large-scale enterprise deployments, and is designed to address both high scalability and redundancy requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: Entrust can provide comprehensive license usage reports.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Administrators can export the relevant detail in a CSV export via the portal dashboard.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Entrust workflow signing service (Signhost) is available for creating transactions and receiving transaction updates 24 hours per day, seven days per week. Signhost has a target uptime of 99.8%.
• Approach to resilience: Available upon request
• Outage reporting: Customers that are subscribed to our public facing status page will be notified automatically.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: There are two types of roles available: Portal Admin and User. All roles require authenticated access.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Single Sign On (SSO)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 02/21/2023
• What the ISO/IEC 27001 doesn’t cover: See certificate
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • ISO 14001
  • ISO 27701

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 Certified

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We abide by our change management policy and procedure.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We adhere to our Threat and Vulnerability Standard. Patches are deployed based on the severity/need of the patch. We gather intelligence from the following: Rapid7, Vulcan, Orca.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We follow our Information Security and Privacy Incident Management Policy Information Security and Privacy Incident Management Standard. Response times are dependent on severity of issue.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow our info security policies and procedures. These have been vetted as part of our ISO 27001:2022 certification process. Information Security and Privacy Incident Management Policy. Information Security and Privacy Incident Management Standard.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our goal is to manage our manufacturing, warehousing, distribution, and office facilities to minimize ecological impact. Entrust maintains an ISO 14001 certification at its headquarters and principal manufacturing facility and is working to set organizational carbon reduction goals to achieve net zero carbon emissions by 2050. We also comply with important environmental measures such as REACH, RoHS, and Proposition 65 where applicable to our business.

  Tackling economic inequality

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program. Equal opportunity.

  Equal opportunity

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

  Wellbeing

  Diversity, Equity and Inclusion – Entrust has established concrete goals to build a more diverse workplace and supplier base. We actively promote an inclusive and welcoming culture across our business through our Entrust Includes initiative and we look for suppliers that embrace similar values through our formalized supplier diversity program.

Pricing

• Price: £2,535.43 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The Go Plan provides the option to test our software completely free. No credit card needed. API trial accounts also available for free.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at robert.hann@entrust.com. Tell them what format you need. It will help if you say what assistive technology you use.