E-Sign UK ltd

E-Sign UK Ltd

Secure document storage and processing and advanced electronic signature application

Features

• Advanced Audit Trail
• Digital Signature Certificate
• Secure Document Storage
• iD Checker
• Unlimited Document Templates
• Multi Language Application
• Payment Processing
• Email Personalisation
• SMS Two Factor Authentiction
• Password Protected Document Access

Benefits

• Reduced document turnaround time
• Improved compliance
• Loss of information prevention and data security
• Environmentally Friendly
• Works with the applications you already use
• Trusted electronic signature service provider
• Lower transaction costs

£190.00 a person a year

• Education pricing available
• Free trial available

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)

Framework

G-Cloud 12

Service ID

945880894650474

Contact

E-Sign UK ltd

Tom Taylor

(+44) 0330 057 3001

tom@e-sign.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No Constraints
• System requirements: Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support response times within 10 minutes
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Yes, our web chat is fully functional with assistive technologies
• Onsite support: Yes, at extra cost
• Support levels: £450 day rate for support and training
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users Sign up for a free trial and can access user guides and request either on-site or web demos/training
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Users still have full access to uploaded documents and signed documents They just cannot upload or sign any further documents. They have the ability to delete all data from their account at any time
• End-of-contract process: Users still have full access to uploaded documents and signed documents They just cannot upload or sign any further documents. They have the ability to delete all data from their account at any time.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Fully optimised for all mobile devices
• Service interface: Yes
• Description of service interface: Fully optimised UI
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Our UI chat is fully functional with assistive technologies
• API: Yes
• What users can and can't do using the API: API information can be accessed via this link:; https://www.e-sign.co.uk/products/api/
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can select what features they require via API and we can build bespoke platforms

Scaling

• Independence of resources: The service is load balanced with real time server monitoring

Analytics

• Service usage metrics: Yes
• Metrics types: Realtime document data via user platform
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Direct download
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Word
  • Excel
  • PDF
  • Pages
  • Numbers

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: E-Sign will provide 24/7 Critical server support and systems monitoring to clients. All normal queries or development support issues will be responded to within 2 hours during the times of 0800- 1800 Monday to Saturday.
• Approach to resilience: E-Sign has a robust disaster recovery mechanism in place. Our servers within our datacentre have maintained multiple power and cooling distribution paths, and include redundant components (N+1). Data 99.99 % Availability. Our servers have centre facilities includes N+1 on all components and multiple LV path options. The servers are continually monitored 24 hours per day. If there were to be an issue at the primary data centre, the disaster recovery server would replicate the platform and initialise within 40 minutes. If circumstances force E-Sign from its current premises, access to the data centre business continuity centre will allow E-Sign to re-create both our office and IT environment within a very short time, so that critical operations will be up and running with minimum disruption to customers and communications.
• Outage reporting: E-Sign places notifications of outages on the website and direct mails all users of the system, as well as RSS messages

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Two factor authentication and role based access pre defined by the user
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 27/03/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: British Assessment Bereau
• ISO 28000:2007 accreditation date: 27/03/2020
• What the ISO 28000:2007 doesn’t cover: N/A
• CSA STAR certification: Yes
• CSA STAR accreditation date: 24/02/2020
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: Trustwave
• PCI DSS accreditation date: 01/12/2018
• What the PCI DSS doesn’t cover: N/A
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001 Policies

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: E-Sign has change logs and version controls in place to monitor change management processes. All changes are tracked and tested in our staging environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The development and server team continually monitor and test for vulnerabilities and threats. Patches are deployed when required, and Information is gathered about potential threats via multiple sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Server team monitor and run penetration testing continually. Once any compromises are established, they are addressed immediately.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are reported via our ticketing system and allocated to the relevant person. They are then thoroughly investigates and addressed. Reports are completed in an incident report log and preventive action taken where required.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Pricing

• Price: £190.00 a person a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 14 day free trial and free web demo
• Link to free trial: https://app.e-sign.co.uk/#/register/11

Service documents

• Pricing document (pdf)
• Service definition document (pdf)
• Terms and conditions (pdf)