Ascertia Ltd

SigningHub - Digital Signature Solution

SigningHub is a high trust platform delivering an electronic signing solution enabling organisations to create workflows for digital signature approval. Using business applications or as a standalone solution, SigningHub optimises how people review, approve and sign documents on any device, allowing businesses to migrate paper-intensive processes to the digital world.

Features

  • High trust solutions for Advanced and Qualified Electronic Signatures
  • Advanced document workflow for facilitating secure digital signature approval
  • Integrates with business applications including SharePoint, Salesforce and Office 365
  • Strong authentication, accurate traceability, detailed accountability, data integrity, archiving
  • Deployment options – on-premise, hybrid, public or private cloud
  • Standards compliant – eIDAS, ETSI, SEN, NIST and Adobe CSC
  • Prepare and sign documents across devices, any browser, any time
  • Interoperable with Adobe® Reader– ISO 3200 & ISO 19005
  • Secures documents using strong user authentication, integrity, non-repudiation and encryption
  • Mobile App, enterprise branding and FDA21CFR Part11 compliant

Benefits

  • Industry standard and regulation compliant
  • Rapid digital transformation for document signing – ink to electronic
  • Flexible payment plans to facilitate changing business habits and behaviours
  • Display documents clearly and securely. Minimise disputes and misunderstandings
  • Prevents data leakage using policy controls and data encryption
  • High trust to underpin legislative, regulatory and internal control requirements
  • Future proofed using common industry standards and tracking emerging trends
  • Document status tracking: fully traceable and auditable business signature processes
  • Enables easy business adoption by supporting all common document types
  • Utilises technology best practices and operates to Government security standards

Pricing

£1.80 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@signinghub.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 5 6 3 2 0 2 8 2 6 1 9 7 8 3

Contact

Ascertia Ltd Sam Crook
Telephone: +44 7796 952668
Email: sales@signinghub.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
SigningHub has rich API functionality and can be integrated into core business applications OR used in a standalone mode. SigningHub also supports special connector apps for Microsoft SharePoint, Salesforce and Dynamics.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
SigningHub.com is a cloud based service, therefore no hardware considerations to consider.

12 hour x 5 days product support service is available from 06:00 to 18:00 GMT Monday to Friday. The web support centre is available 24x7 to receive support tickets.

Planned events such as system updates occur on a quarterly basis. Such events occur during off-peak ours. Information on these events is shared on SigningHub.com.
System requirements
  • Use any HTML5 browser Including Chrome, Firefox, Safari, Edge, IE9+
  • SigningHub supports mobile web browsers on mobile devices including phones
  • The optional SigningHub mobile app (free) supports iOS and Android
  • Private cloud hosted solution requires virtual machine(s) or server(s)
  • Private cloud hosted solution requires database solution for configuration files
  • Private cloud hosted solution requires operating system for solution software

User support

Email or online ticketing support
Email or online ticketing
Support response times
Weekdays: Within 4 hours.
Weekends: Reasonable efforts
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
A standard web browser interface is used to login to the on-line based support ticketing system. The browser being used is therefore responsible for the WCAG accessibility features. A simple form is presented that asks for details of the support being requested.

The alternative is to use a standard email client or webmail interface to send an email to support@ascertia.com that details of the support services being requested. WCAG accessibility is the responsibility of the email client.

Skype is also available as a means of communication
SkypeID: ascertia.support.
In this case Skype is responsible for the WCAG accessibility criteria.
Web chat accessibility testing
Some research has been completed and more can be actioned according to customer needs
Onsite support
No
Support levels
Support is provided from 6am to 6pm GMT.
Access to our support service is included at no extra cost -
using email or web-based support requests.
Skype chat and escalation to a telephone meeting
or web-conference session, if required.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As part of the on boarding process, Ascertia provide How-to training videos and full step-by-step manuals to assist customers get started with SigningHub.

Remote or on-site training sessions can also be provided.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
The SigningHub service plan will be downgraded upon contract expiry, limiting the capability to sign documents and start new workflows. Any documents or workflow evidence reports that are still residing within the SigningHub account can be downloaded in bulk. User details and contact details can be deleted.
End-of-contract process
The SigningHub service plan will be downgraded upon contract expiry, limiting the capability to sign documents and start new workflows. Any documents or workflow evidence reports that are still residing within the SigningHub account can be downloaded in bulk. Core functionality is included in the price of the contract. Additional costs to the customer may be incurred for on premise or private cloud deployment, remote signing feature with eIDAS Level 2 Sole Control, local signing feature using smartcard or eID, adding individual or corporate AATL certificates from third parties, use of an external public CA.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
SigningHub Web (the desktop browser) displays more information on a wider landscape user interface than SigningHub Mobile Web which uses a portrait layout. SigningHub Mobile App looks the same as Mobile Web but has the benefit of being an app rather than a browser page.
SigningHub Mobile App supports iOS and Android devices
Service interface
Yes
Description of service interface
SigningHub provides a quick easy digital Signature platform for preparing, sending, viewing, Signing and returning your e-documents. The platform enables users to start a new document workflow, change personal or enterprise settings and quickly access pending, in-progress, declined and completed documents. A workflow entails uploading documents, adding recipients, choosing a template and setting permissions. The user can then prepare document(s) by adding signature, form fields and share document. Users can also review and sign documents quickly, easily and securely
Accessibility standards
None or don’t know
Description of accessibility
A standard web browser interface is used to login to the on-line based support ticketing system. The browser being used is therefore responsible for the WCAG accessibility features. A simple form is presented that asks for details of the support being requested.

The alternative is to use a standard email client or webmail interface to send an email to support@ascertia.com that details of the support services being requested. WCAG accessibility is the responsibility of the email client.

Skype is also available as a means of communication.
SkypeID: ascertia.support.
In this case Skype is responsible for the WCAG accessibility criteria.
Accessibility testing
Some research has been completed and more can be actioned according to customer needs
API
Yes
What users can and can't do using the API
SigningHub provides a REST architectural style API that supports over 100 different methods. The API allows full document preparation, sharing, review and signing (electronic and digital) operations. Along with user enterprise management. Control of personal settings such as visible signature appearance, locale, and delegated signing are all available through the API. All signature workflow can be controlled via the API and updated in real time as required.

The API uses JSON for payloads and OAuth 2.0 for access and authorisation control. Initial authentication is based upon an Enterprise API Key. Enterprises in SigningHub support multiple API keys.

Both tight (embedding SigningHub functionality into the business application) and loose (browser redirect) integration models are supported as well as Authorised Remote Signing for level 2 sole control for remote signatures compliant with EN 419241 part 2.

SigningHub Mobile SDK allows developers to embed SigningHub functionality within their own mobile apps.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Full whitelist branding including logos, colour scheme, email notification content. Permission to branding is managed by extensive user & adminitrative roles & permissions functionality.

Scaling

Independence of resources
SigningHub runs on Microsoft's Azure platform and additional resources are added as required to service the growing requirements.

Analytics

Service usage metrics
Yes
Metrics types
Top Signers option will sort your enterprise users list with respect to those users, who have applied the highest number of signatures.
Top Senders option will sort your enterprise users list with respect to those users, who have sent the highest number of documents for approval processing.
Top Disc Storage option will sort your enterprise users list with respect to those users, who have consumed more account storage.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach
All user documents are AES-256 bit encrypted within the SigningHub application and then stored as encrypted Blobs within the SigningHub database. Only the owner or users they authorise can have this data decrypted and imaged within the browser session.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Either via the SigningHub API or manually by selecting all documents and downloading them directly.
Data export formats
Other
Other data export formats
  • PDF
  • PDF/A
  • Word 2013 if used
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • RTF, DOC, DOCX, DOT, DOTX, DOTM, DOCM, ODT, OTT, TXT
  • XLS, XLSX, CSV, TSV, XLSM, XLSB, XLTX, XLTM
  • PPT, PPTX, POT, PPS, POTX, PPSX, PPTM, PPSM, POTM, ODP
  • PSD, VSD, VSDX, VSS, VDW, VDX, VSSX, VSTX, VSDM, VSSM
  • JPG, JPEG, PNG, GIF, TIF, TIFF, ICO, BMP, EMF
  • HTML, XHTML, MHTML, XML, OOXML, DWG and DXF
  • PDF, XML, MPP, MPT, and ONE

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Various strong user authentication options are available.
For high trust requirements SigningHub can be delivered on-site
or via other service providers that offer PSDN connectivity
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
SigningHub is designed to offer 99.95% availability.
Planned maintenance occurs out of office hours and 5 days warning is provided of such activity.
Users are able to present their reasons for why a refund should be given in any circumstances.
Approach to resilience
Microsoft Azure is used to provide the highest levels of application availability.
Outage reporting
SigningHub is well proven to offer a robust and resilient platform. Ascertia’s SigningHub cloud service runs on an Azure instance in Northern Europe and has been running continuously with no unplanned downtime for several years of operation, and by many thousands of users. Other Ascertia partners around the world have similar experiences.

Similarly, the underlying ADSS Server has a long history of running 24/7 without intervention. High availability services can be ensured by using two production servers running SigningHub with a back-end database cluster offering resilient information services to deliver a service of 99.9% or better.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
For certain authentication services users have to provide an email address to SigningHub before initiating the login process. These authentication services include: Entrust IdentityGuard; AET Consent ID; Verisec, Freja.

SigningHub Cloud service also allows certain authentication services including social accounts where the user initiates login directly with these authentication methods and is then redirected to our cloud service. Once authenticated, SigningHub will get the authenticated user's email address. These authentication services include: Salesforce; UBISecure; Google; LinkedIn; MSOffice 365; Azure AD; Active Directory; ADFS; SAMLv2 SSO;

And many more...
Access restrictions in management interfaces and support channels
Only authorised staff are allowed access to SigningHub's Admin Screens. Role based access controls are used to restrict staff rights.
Strong mutual TLS security is used to authenticate operators and prevent unauthorised access.
Access restriction testing frequency
At least once a year
Management access authentication
Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
At a high-level we follow the ISO/IEC 27001 security management principles. We have defined a Information Security Policy and then lower-level policies like access control policy, antivirus policy, network connection policy, password policy etc.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The SigningHub Cloud service is under strict configuration and change management controls. These include restricting who can access the system and under which privileges. Any configurations changes are first planned and authorised by the Ascertia CTO and then implemented by the IT Team and verified by the QA Team. All security related changes are made under under dual control i.e. an IT administrator makes the changes and these remain pending until approved by the Security Officer role holder.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Ascertia conducts regular internal and external penetration testing exercises using both in-house and commercial testing tools. During development there is extensive peer reviews and QA testing of each product change. Product patches can be made available within 1 to 5 days depending on severity/complexity.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through internal reviews and testing, external 3rd party security reviews as well as customer testing. Ascertia always handled potential compromise with highest priority by assigning relevant resources for immediate analysis and resolution of the issue. We ensure all affected customers are notified in a simple and clear manner. Our objective is to respond to incidents within 24 hours.
Incident management type
Supplier-defined controls
Incident management approach
We follow a formal approach to incident management which involves logging the incident with a unique ID and date/time. The incident is then categorised and prioritised. The response to the incident is then prepared and provided to all affected parties.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1.80 a user a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Everything is included as per the needs of the organisation trialling the service. Trial runs for 30 days with the option to extend
Link to free trial
https://web.signinghub.com/Register?planId=30

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@signinghub.com. Tell them what format you need. It will help if you say what assistive technology you use.