QuoVadis Online Security Limited

SealSign Cloud - Digital Signing Service

A cloud-based signing service for mass automated signing of PDF and other file types by Adobe-trusted/Qualified signing certificates. Rapid 'signing as a service' to allow enterprise software - such as e-invoicing, e-archiving, ERP, CRM or document management system - to create and validate digital signatures.

Features

  • Cloud-based 'signing as a service' to integrate digital signatures
  • Integration with enterprise software applications
  • AATL (Adobe Trusted) or Qualified signatures
  • Automated mass-signing
  • Highly scalable, flexible and on-demand service

Benefits

  • Integration with existing enterprise software
  • Rapid installation & deployment
  • Highly scalable
  • LTV (Long Term Validation) of signatures
  • No data protection issues

Pricing

£4500 per licence per year

  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

7 3 5 9 1 7 8 1 9 2 8 3 1 7 3

Contact

QuoVadis Online Security Limited

Tanya Davis

0333 666 2000

uk.sales@quovadisglobal.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No constraints
System requirements
Broker software to be deployed in customer environment/cloud

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sub 1-hour during office hours. 24x7 Emergency support outside of office hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
24 x 7 support online, telephone, eMail - NO ADDITIONAL COSTS
Use of GoToMeeting and similar systems for additional support if required Emergency 24 x 7 telephone support
Ticketing system
Knowledgebase
PKI widgets (several tools to help with managing certificates)
Dedicated account manager for every customer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
On-boarding process includes online training & user documentation
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
There isn't anything to extract.
End-of-contract process
We switch off access to the service.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • Windows
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
Various integration options for accessing the signing service
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
No

Scaling

Independence of resources
Our technology is fully scalable and we regularly upgrade any aspect of the infrastructure to cope with peak demand.

Analytics

Service usage metrics
Yes
Metrics types
Dashboard provides information on service availability
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
There is nothing to export
Data export formats
Other
Other data export formats
There is no data to export
Data import formats
Other
Other data import formats
There is no data to import

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability of Services. The QuoVadis Signing Service will be operational 24 hours per day, 7 days per week, and 365 days per year. The services will be deemed operational if they are available 99.5 % of the time on a monthly basis. Scheduled downtime will not exceed seven hours per month, and will occur (i) between 6:00 p.m. on Saturday evening and 6 a.m. on Sunday morning, Atlantic Time, or (ii) at such other times and days as QuoVadis may deem necessary, provided QuoVadis gives Client at least three calendar days advance written notice of such other time and day for scheduled downtime.
Approach to resilience
Available upon request. Standard meets all requirements of our industry accreditations - baseline, Webtrust, EV, AATL, Qualified certificate, eIDAS accreditations.
Outage reporting
A public dashboard

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
Subscribers have to be 'invited' to register by an Administrator. It's a closed system, the link is specific to their eMail address. They then login using a username:password combination. Administrators are issued with an AdminID (PKI certificate) to authenticate. Access rights are then permissions-based. Optional dual control for all certificates issued.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Quality Management Services International (QMS)
ISO/IEC 27001 accreditation date
14/2/2012
What the ISO/IEC 27001 doesn’t cover
Nothing
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Industry specific accreditations: Webtrust, EV, AATL, Qualified, eIDAS

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are required to follow strict information security policies and processes to attain and retain our industry accreditations.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We are required to follow strict configuration and change management processes to attain and retain our industry-specific accreditations.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are required to strictly manage vulnerability to attain and retain our industry-specific accreditations.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We are required to use lots of protective (pro-active) monitoring processes to attain and retain our industry specific qualifications.
Incident management type
Supplier-defined controls
Incident management approach
We are required to have very strict incident management processes to attain and retain our industry specific accreditations.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£4500 per licence per year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
30-day free production certificate(s) for pilot projects

Service documents

Return to top ↑