Zignature's SOC 2 Type II certification means an independent auditor has tested our security, availability, and confidentiality controls over time — not just a point-in-time assessment.
Free plan available · No credit card required · ESIGN Act compliant
Built-in features that save time and close deals faster.
SOC 2 Type I certifications verify controls exist at a single point in time. SOC 2 Type II audits verify that controls operated effectively over an extended period (typically 6-12 months). Zignature's Type II certification provides stronger assurance that our security controls consistently protect your data — not just on audit day.
Zignature's SOC 2 report covers three Trust Service Criteria: Security (CC criteria) — ensuring the system is protected against unauthorized access; Availability — ensuring the system is accessible for operation and use as committed; Confidentiality — ensuring information designated as confidential is protected.
Enterprise and regulated-industry customers often require vendor SOC 2 reports as part of their vendor risk management process. Zignature provides the full SOC 2 Type II report summary to customers under NDA, and answers security questionnaires based on the audit findings — simplifying your vendor approval process.
From simple agreements to complex multi-party workflows.
Security teams at enterprise customers require SOC 2 reports before approving new SaaS vendors — Zignature provides the report on request.
Healthcare organizations often require SOC 2 Type II as part of HIPAA vendor evaluation, alongside the BAA.
Banks, wealth managers, and insurance companies require SOC 2 reports to satisfy OCC, FINRA, and SEC vendor oversight requirements.
Government contractors and agencies increasingly require SOC 2 as a baseline security certification for cloud service vendors.
Investors conducting technical due diligence on startups often require key vendor SOC 2 reports — Zignature's certificate supports your fundraising process.
Organizations pursuing ISO 27001 certification can use Zignature's SOC 2 as evidence of controls applied by their document signing vendor.
No training required. Send your first document today.
Pick from pre-built compliant templates or upload your own document — our system applies the right compliance rules automatically.
Enable HIPAA BAA, GDPR DPA, identity verification, or QES as required for your regulatory environment.
Recipients get a secure link and are guided through the signing process with all required disclosures and consent flows.
Every transaction is sealed with a tamper-proof certificate of completion — ready for audits, regulators, and legal proceedings.
Here's exactly how Zignature satisfies each specific regulatory requirement — with citations.
| Requirement | Regulation Citation | How Zignature Satisfies It | Met |
|---|---|---|---|
| Security Controls (CC6 Series) |
CC6.1–CC6.8
|
Access controls, encryption at rest and in transit, pen testing | |
| Change Management (CC8) |
CC8.1
|
Formal change management with testing and approval procedures | |
| Risk Assessment (CC3) |
CC3.1–CC3.4
|
Annual risk assessment, threat monitoring, and vulnerability management | |
| Availability (A1) |
A1.1–A1.3
|
99.9% uptime SLA with documented and tested recovery plan | |
| Confidentiality (C1) |
C1.1–C1.2
|
Confidential data classified and protected at all lifecycle stages |
SOC 2 Type II certified. Trusted by healthcare, finance, and enterprise teams.
Everything you need to know.
SOC 2 (System and Organization Controls 2) is a framework developed by the American Institute of CPAs (AICPA) for assessing the security controls of service organizations. Type II certification means the auditor has not only verified that controls are designed appropriately (Type I) but also tested that those controls operated effectively over an extended period — typically 6-12 months.
Zignature's SOC 2 Type II report covers Security (Common Criteria), Availability, and Confidentiality. Security is the foundational criterion required for all SOC 2 reports. Availability covers system uptime and performance commitments. Confidentiality covers protection of information designated as confidential by customers.
Yes. Enterprise and business customers can request Zignature's SOC 2 Type II report summary under a mutual NDA. Contact security@zignature.io or reach out through the enterprise sales team to initiate the report sharing process. Report request turnaround is typically 2-3 business days.
SOC 2 and HIPAA are separate frameworks. SOC 2 verifies general security controls. HIPAA compliance requires specific healthcare data handling practices and a signed Business Associate Agreement. Zignature is both SOC 2 Type II certified and HIPAA compliant — both certifications are needed for healthcare use cases.
Zignature's SOC 2 Type II audit is conducted annually by an independent AICPA-accredited audit firm. Each annual audit covers a 12-month audit period, providing continuous assurance that controls have operated effectively throughout the year. Customers can request the current year's report and prior year's report for trend analysis.
Yes. Zignature conducts annual third-party penetration testing of its application and infrastructure. A summary of penetration test findings and remediation actions is available to enterprise customers alongside the SOC 2 report, upon request and under NDA.
Zignature's SOC 2 report includes its reliance on AWS infrastructure, which is itself SOC 2 Type II certified. The Zignature report documents the controls Zignature implements above AWS's infrastructure controls — creating a complete control stack from infrastructure to application.
Yes. Zignature's security team will complete standard vendor security questionnaires using the SOC 2 audit findings as the evidence base. Common questionnaire frameworks (SIG, VSA, CIS, CAIQ) are supported. Contact security@zignature.io to initiate the questionnaire completion process.