What about the security of digital signing?
Is a digital signature via Stiply secure?
Security through the privacy-by-design and privacy-by-default (GDPR) principles
Stiply is developed according to the privacy-by-design and privacy-by-default principles: we store as little personal (GDPR) data as possible. The required data is quickly deleted after the signing process is completed. In this, we maintain a balance between optimal availability and security.
A signing request and its document are backed up monthly. These backups are kept on other servers (at a remote location). After all parties have signed, the document is finalised, sent and immediately removed from the servers. This also applies to signatures, by the way. Personal data are irrevocably anonymised. You can read all the privacy measures in our processing agreement.
A signing solution, not an archive
One of the most frequently asked questions is whether employees have access to the contents of documents.
The answer is no. The security and integrity of signed documents are extremely important to us. Therefore, except for incident management, our employees do not have access to documents. In the exceptional case of incident management, prior permission will always be sought from the customer.
It is not possible for users and employees to view the documents of open signature requests. When a signing process is completed, the documents are delivered to the signatories. Within a maximum of 90 days, we delete all signers' data and signed documents.
Should a signatory lose their document for any reason, the person who sent the document can, if this function is activated, download the signed contract again. As long as the signed document is available, up to 90 days, the sender can download the document from the application.
European cloud platform and services
Signature requests and documents contain sensitive information, such as personal data. No one except the parties involved should see these documents. When you place a legally valid digital signature within Stiply, you do so in a secure environment. Only you and the other signatories have access via a personal and secure link.
When a signing period has expired, the link becomes inactive and access is not possible. After the signing period is renewed, a new link is shared.
Stiply is ISO certified with the following ISO certificates: ISO 9001, ISO 27001 and ISO 27017.
In addition, the cloud platform is certified to ISO 9001 and ISO 27001. European AWS servers are used. This server farm is located in Frankfurt (DE). Other services, such as the mail server, are also located in Europe.
Security and integrity of the digital signature
To ensure the integrity and security of a digitally signed document, documents with an extra advanced electronic signature (AES) are provided with a certificate. This certificate is issued by an official Trusted Service Provider (TSP). Incidentally, it is also possible to provide documents with a simple electronic signature with a certificate issued by a TSP.
For signing with an advanced electronic signature, Stiply uses Swisscom's advanced certificates. Swisscom is also a QTSP authorised to issue qualified electronic signatures.
As soon as the PDF document is opened, this additional certificate shows you at a glance whether the document's integrity is still intact.
ISO certified digital signature software
Stiply considers the delivery of quality and quality assurance enormously important. For this reason, ISO has been implemented in its operations. Stiply and the in-house developed digital signature software hold no fewer than three ISO certificates. These are: ISO 9001, ISO 27001 and ISO 27017.
ISO 9001 enables us to achieve stable business operations, focused on the future and on delivering a continuous business and product.
ISO 27001 and ISO 27017 are certificates focused on information security and cloud infrastructure. Both certificates are very important in processing personal data and privacy-sensitive documents.
Security of the signing platform through a pen test
Stiply has the signing software tested for security by an ethical hacker at least twice a year.
Pentest stands for penetration test. This involves an ethical hacker trying to get into the Stiply signing software. The good news is that since we had this carried out in 2016, there have been no penetrations!
Measures within our cloud infrastructure
Various security measures and other technical measures have been taken to secure the environment and application as much as possible. One example is encryption.
Our measures are described in our Stiply NEXT cloud service whitepaper.
You can read it on our privacy and terms and conditions page.