Digidentity B.V.

Electronic Seals (eSeals)

Digidentity's Qualified eSeal service offers organisations a secure, legally binding way to prove the authenticity and integrity of digital documents and transactions. Compliant with eIDAS regulations, our eSeals use advanced cryptography and rigorous identity verification to ensure tamper-proof, traceable documents, streamlining paperless workflows and enhancing trust in digital operations.

Features

• Qualified eSeals compliant with eIDAS regulations
• Tamper-evident and tamper-proof digital seals
• Legally binding and admissible in court
• Traceable to the issuing organisation
• Integrates with existing systems and processes (DocuSign and Adobe)
• Expert support and guidance for setup and usage
• Streamlines paperless workflows and document processing

Benefits

• Enhances trust and confidence in digital transactions
• Reduces risk of fraud and data tampering
• Saves time and costs associated with paper-based processe
• Increases efficiency and productivity in document management
• Facilitates cross-border digital transactions and interoperability
• Strengthens the legal value of digital documents
• Supports sustainability by reducing paper consumption

£300 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales_UK@digidentity.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

992361466946721

Contact

Jonathan Evans
+44(0)330 60 60 732
sales_UK@digidentity.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our service is highly configurable and is built in a way that means integration to client systems is made simple.; ; This service is a configuration of our GPG compliant identity verification platform, which adheres to the DCMS Trust Framework.; ; SCIM synchronization with Microsoft Entra ID possible.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Digidentity supports iOS 15 and later software
  • Digidentity supports apple iPhone 8 and later
  • Digidentity supports Android 9 and later software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Digidentity provides Telephony, Chat and E-mail support.; ; For Telephony and Chat the response is in real time. For e-mail our average response time is 24 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: To be confirmed
• Onsite support: Yes, at extra cost
• Support levels: CHECK; We support users 7 days week (except for bank holidays).; ; 08:00 – 22:00 on weekdays and 08:00 – 17:00 at weekends.; ; WebChat support accessibility standard: WCAG 2.0 AA or EN 301 549 9: Web.; ; We do client integration support 24/7 through phone and e-mail.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our integration team works with purchasing organisations via a combination of physical meetings and online workshops to ensure a smooth and quick launch of the service. Technical support, user documentation, and appropriate levels of training are provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: No data from the purchasing organisation is stored
• End-of-contract process: Digidentity will work with the purchasing organisation to ensure an orderly wind down of the service. There are no additional end-of-contract costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The process is the same, but optimised for mobile experience. A user is able to switch, seamlessly, between the mobile and web journeys. They are able to leave and pick-up an application from where they left off irrespective of device or operating system.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: G-SAML OAuth 2.0, SCIM and OIDC protocols supported.; ; We also have two SDKs, which offer customers/buyers the ability to consume the full range of Digidentity's platform components in any configuration required.; ; The SDK(s) also provides the requisite tools that affords the customer/buying organisation the option to fully customise the UX making for a seamless user experience.
• Accessibility standards: None or don’t know
• Description of accessibility: At Digidentity, we're all about making our service accessible to everyone, including people with disabilities. We've designed our platform with features like keyboard navigation, screen reader support, and adjustable contrast and font sizes, so it's easy for all users to navigate and use our digital identity solutions. ; We follow WCAG 2.1 guidelines and put a lot of effort into testing and improving our platform to make sure it's intuitive and inclusive. Our goal is to provide secure digital identity services that are accessible to all.
• Accessibility testing: We haven't done any testing with users of assistive technology in the last 12 months. If required, we would be happy to conduct this type of testing.
• API: Yes
• What users can and can't do using the API: Service providers connect to our service through our API. The API supports G-SAML OAuth 2.0, SCIM and OIDC protocols for authentication and authorisation. The service provider is required to conform to the profile, authentication contexts and attribute schema.; ; Successful performance of compliance tests is required prior to live running. The service provider generate authentication requests and translate the response using the API.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The solution can be customised to the needs of the buyer. This includes the front-end as well as the checks that need to be performed.; ; Our system can be integrated easily and quickly and our platform is easily configurable to offer buyers the flexibility to request the information they require.; ; A customised set-up will be carried out for each buyer ensuring the specific requirements of each customer is met.

Scaling

• Independence of resources: Our service is highly scalable, designed to handle high volumes of traffic and able to expand capacity to manage peaks in demand. We constantly review volumes to ensure that capacity runs ahead of demand.

Analytics

• Service usage metrics: Yes
• Metrics types: MI reports include key data covering usage, performance and outcomes where available and applicable.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Our users are able to deactivate and permanently delete all personal information from their Digidentity accounts at any time. Other forms of data extraction is possible and can be agreed on an individual basis in collaboration with the buyer.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Digidentity operates a fully resilient system. Our operating standard is minimum 99.5% availability. Remediation terms subject to contract.
• Approach to resilience: Digidentity Service Resilience Architecture is available on request.
• Outage reporting: For any service outage we report via notifications for the user to see on a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
• Access restrictions in management interfaces and support channels: We operate a role-based access management approach to ensure everyone in the company has the appropriate level of access. This is reviewed on a regular basis.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 26/03/2024
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27701:2019 Privacy Information
  • ISO27017:2015 Cloud Security
  • ISO27018:2019
  • ISO 9001:2015 Quality Management System
  • ETSI EN 319 401 Trust Service Providers
  • ETSI EN 319 411-1 Issuing public key certificates
  • ETSI EN 319 411-2 Issuing EU qualified certificates
  • EU Regulation 910/2014 (eIDAS)
  • EU Regulation 679/2016 (GDPR)
  • UK Digital Identity & Attributes Trust Framework (UK DIATF)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Digidentity Information Security Management System (ISMS) is based on ISO27001 compliance with a formal governance structure based on Information Security policy, standards and guidelines. For certain government contracts, Digidentity is certified to ISO27001.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All tickets associated with change management are tracked via JIRA and Project Roadmaps. Stakeholders are informed and able to provide feedback.; ; Digidentity's change management approach is intended to assess the impact of a change and the risks involved.; ; These are the guidelines used:; ; (1) What is the issue?; (2) What is the proposed solution?; (3) What are the requirements for this change?; (4) What is the impact (time, security, legal) of the change?; ; This assessment considers how the event could impact costs, schedule, criteria. Documents are continuously up-dated as part of the process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As part of ISO 27001:2013 compliance and ETSI compliance our process has regular vulnerability scans and penetration tests. According to our Patch management policy, patches will be applied no later than 6 months after issuance. Information about potential threats comes from internal and external vulnerability scan results and penetration test results.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have monitoring and alerting in place. The system is scanned daily via monitoring applications, any potential risks reported. An alert will be sent to the team to assess and handle any risk identified. Any potential compromise is taken up as an incident, processed through the incident management procedure. Incident response times:; ; Priority 1 – 10 minutes to react – 4 hours to resolution; Priority 2 – 10 minutes to react – 8 hours to resolution; Priority 3 – 30 minutes to react – 72 hours to resolution; Priority 4 – 30 minutes to react – 5 days to resolution
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management process is implemented to ensure an effective and consistent approach in the management, handling, recording and follow up of all incidents which occur within the business activities of Digidentity. The term incident is used to describe incidents which are related to services, data and information security.; ; The framework for each incident is the same: Identification, reporting, classification, investigation and evaluation.; ; Incidents shall be reported as soon as detected. The Incident Manager will classify the incident and inform the other incident managers. Depending on classification, the relevant incident manager(s) will be assigned.; ; A more detailed description available on request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  At Digidentity, we recognize the urgent need to combat climate change and are committed to playing our part in creating a sustainable future for generations to come. We understand the importance of not only delivering innovative technology but also doing so in an environmentally responsible manner.; ; To guide us on this journey, we have appointed an external specialist carbon consultancy to help us measure, reduce, and offset our carbon footprint. By setting clear organizational and operational boundaries, we have been able to accurately calculate our emissions in line with the Greenhouse Gas (GHG) Protocol, the global standard for measuring and managing emissions.; ; Our carbon reduction plan focuses on tackling emissions across all three scopes: direct emissions from owned sources (Scope 1), indirect emissions from purchased electricity (Scope 2), and indirect emissions from our value chain (Scope 3). We have set ambitious targets to reduce our emissions in line with the 1.5°C threshold set by the Intergovernmental Panel on Climate Change (IPCC), which aims to limit global warming to a level that would avoid the worst impacts of climate change.; ; In addition to setting a carbon-neutral date, we have also committed to achieving net-zero emissions, meaning that any remaining emissions will be offset through certified carbon removal projects. To ensure that our targets are aligned with the latest climate science, we have committed to the Science-Based Targets initiative (SBTi), a collaboration between leading organizations that helps companies set emission reduction targets in line with the Paris Agreement.; ; By taking a comprehensive and science-based approach to reducing our carbon footprint, we aim to demonstrate leadership in the fight against climate change and inspire others in our industry to follow suit. We believe that by working together and taking bold action, we can build a more sustainable and resilient future for all.

  Equal opportunity

  Digidentity is committed to fostering a diverse, inclusive, and equitable workplace where all employees have the opportunity to thrive and reach their full potential. We firmly believe that promoting equal opportunity is not only the right thing to do but also essential for driving innovation, creativity, and business success.; ; Our comprehensive diversity and inclusion policy sets out our commitment to creating a workplace that values and respects individuals from all backgrounds. This policy covers critical areas such as hiring and promotion, training and development, workplace culture, and employee engagement. We strive to ensure that our recruitment processes are fair, unbiased, and focused on attracting talent from diverse pools. Additionally, we provide equal access to training and development opportunities to support the growth and advancement of all our employees.; ; To foster a culture of inclusivity, we offer mandatory diversity and inclusion training to all employees. This training helps raise awareness about the importance of diversity, encourages employees to recognize and overcome unconscious biases, and provides practical tools for creating a more inclusive work environment. We actively promote open communication, respect, and collaboration among our diverse team members.; ; Through our parent company, we actively support and empower our women employees through the Women in Solera (WINS) initiative. This program aims to develop and deliver strong, effective leadership through impactful peer-oriented learning sessions, mentoring, and networking opportunities. By investing in the growth and advancement of women in our organization, we are building a more gender-balanced and inclusive workplace.; ; By embracing diversity, promoting inclusion, and upholding ethical business practices, Digidentity strives to create an environment where every employee feels valued, respected, and empowered to succeed.

  Wellbeing

  At Digidentity, we are deeply committed to promoting the well-being of our employees, recognising that their physical, mental, and emotional health is the cornerstone of our success. We have implemented a comprehensive wellness program that takes a holistic approach to support our team members in managing stress, maintaining a healthy work-life balance, and thriving both professionally and personally.; ; We also use valuable resources provided by OpenUp, our trusted partner in mental health and well-being. OpenUp offers a wealth of self-guided care resources, including articles, videos, and online courses tailored to address various types of stress. These resources cover topics such as understanding stress and anxiety, tips for helping the body recover from stress, disconnecting from work, and building resilience in times of distress. By exploring OpenUp's content library, our employees can access the tools and knowledge they need to effectively manage stress and promote their mental wellbeing.; ; In addition to self-guided resources, we are also encouraging our team members to participate in OpenUp's masterclasses. These masterclasses will provide valuable insights and strategies for navigating the challenges of the modern workplace, helping our employees maintain their well-being in the face of rapid technological and organisational changes.; ; Recognizing the crucial role that quality sleep plays in managing stress levels, we are also promoting OpenUp's online course, "Sleeping Better." This self-paced course offers expert guidance and practical techniques to help our employees prioritise and improve their sleep, further supporting their overall well-being.; ; At Digidentity, we understand that seeking support for mental health can be challenging, which is why we are committed to providing our employees with access to anonymous and confidential resources. OpenUp's platform ensures that our team members can access a variety of mental health services, including blogs, videos, online courses, masterclasses, and mindfulness sessions, without fear of stigma or judgment.

Pricing

• Price: £300 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Testing of signing process (upto 5 users); - - - Access to pre-production environment; - - - Access to signing platform

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales_UK@digidentity.com. Tell them what format you need. It will help if you say what assistive technology you use.