{"id":467,"date":"2025-12-29T06:54:09","date_gmt":"2025-12-29T06:54:09","guid":{"rendered":"https:\/\/volksample.com.au\/volksign\/?page_id=467"},"modified":"2026-01-21T06:29:02","modified_gmt":"2026-01-21T06:29:02","slug":"security","status":"publish","type":"page","link":"https:\/\/volksample.com.au\/volksign\/security\/","title":{"rendered":"Security"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Get enterprise-grade security for your most sensitive agreements<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tWe take your agreements as seriously as you do, which is why Docusign meets the most stringent global security standards.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

1. Information Security Program<\/h2>

1.1 Information Security Program<\/h4>

VolkSign maintains a comprehensive written information security program consisting of policies, standards, procedures, and related documentation that define the criteria, methods, and measures governing the processing and protection of Customer Content and the VolkSign systems or networks used to process or secure Customer Content (\u201cVolkSign Information Systems\u201d) in connection with providing the Services under the Agreement.<\/p>

1.2 Shared Responsibility<\/h4>

The security of data, including Customer Content accessed, stored, shared, or otherwise processed through VolkSign Services, is a shared responsibility between VolkSign and the Customer. VolkSign is responsible for implementing and operating its information security program, while the Customer is responsible for properly managing user access, permissions, and configuration of features within the Services.<\/p>

1.3 Personnel Confidentiality<\/h4>

VolkSign ensures that its personnel:<\/p>

  • Are bound by confidentiality obligations that provide protection for Customer Content; and<\/p><\/li>

  • Receive appropriate training related to the processing and protection of Customer Content.<\/p><\/li><\/ul>

    2. Security Controls<\/h2>

    In accordance with its information security program, VolkSign implements commercially reasonable physical, organizational, and technical controls designed to:<\/p>

    • Ensure the security, integrity, and confidentiality of Customer Content; and<\/p><\/li>

    • Protect Customer Content against anticipated threats, unauthorized access, accidental loss, alteration, or disclosure.<\/p><\/li><\/ul>

      2.1 System Updates<\/h4>

      VolkSign maintains processes to keep VolkSign Information Systems up to date with relevant upgrades, patches, bug fixes, and new versions.<\/p>

      2.2 Firewalls<\/h4>

      Firewalls are configured and maintained to protect Customer Content and VolkSign\u2019s non-public systems.<\/p>

      2.3 Anti-Malware Protection<\/h4>

      VolkSign uses up-to-date anti-malware and anti-virus solutions with automatic updates to mitigate risks from malicious software, including viruses, ransomware, spyware, and other threats.<\/p>

      2.4 Security Testing<\/h4>

      VolkSign regularly tests its security systems, processes, and controls to verify effectiveness and compliance with these Security Practices.<\/p>

      2.5 Access Controls<\/h4>

      VolkSign maintains access control policies governing personnel access to VolkSign Information Systems:<\/p>

      • Unique user IDs are assigned to authorized personnel<\/p><\/li>

      • Access is limited to individuals with a legitimate business need<\/p><\/li>

      • Access rights are reviewed periodically and revoked when no longer required<\/p><\/li>

      • Strong password policies and multi-factor authentication are enforced<\/p><\/li>

      • Default system passwords are not used<\/p><\/li>

      • Credentials must remain confidential and are not shared<\/p><\/li><\/ul>

        2.6 Security Policies<\/h4>

        VolkSign enforces information security, confidentiality, and acceptable use policies and monitors compliance.<\/p>

        2.7 Environment Separation<\/h4>

        Development and testing environments are logically separated from production systems that process Customer Content.<\/p>

        2.8 Secure Deletion<\/h4>

        VolkSign follows industry-recognized standards, such as NIST SP 800-88, to ensure Customer Content is rendered unrecoverable before media disposal.<\/p>

        2.9 Remote Access<\/h4>

        Remote access to private VolkSign networks requires encrypted VPN connections with multi-factor authentication.<\/p>

        2.10 Encryption<\/h4>

        VolkSign uses industry-standard encryption consistent with recognized security frameworks to encrypt Customer Content both in transit and at rest. Only encrypted connections are permitted for data transfer.<\/p>

        3. Use of Third Parties<\/h2>

        3.1 Third-Party Security<\/h4>

        Any third parties engaged by VolkSign are required to maintain security standards comparable to those outlined in these Security Practices.<\/p>

        3.2 Data Hosting<\/h4>

        VolkSign may use third-party cloud service providers to host and process Customer Content. Such providers maintain industry-standard physical and technical safeguards and conform to recognized security certifications such as ISO 27001 or equivalent.<\/p>

        These providers must:<\/p>

        • Maintain physical access controls<\/p><\/li>

        • Use environmental monitoring and fire suppression systems<\/p><\/li>

        • Restrict access to authorized personnel<\/p><\/li>

        • Maintain business continuity and disaster recovery plans<\/p><\/li><\/ul>

          Annual independent audits and risk assessments are conducted for critical providers.<\/p>

          4. Business Continuity and Disaster Recovery<\/h2>

          VolkSign maintains a disaster recovery and business continuity program designed to restore Services following an incident. This includes:<\/p>

          • Regular backup validation<\/p><\/li>

          • Annual review of critical systems<\/p><\/li>

          • Periodic testing and updates of recovery procedures<\/p><\/li><\/ul>

            5. Security Incidents<\/h2>

            5.1 Incident Response<\/h4>

            VolkSign will notify Customers without undue delay upon confirmation of a Security Breach. Notifications will be sent to the Customer\u2019s registered contact email.<\/p>

            VolkSign will investigate, contain, and remediate Security Breaches in accordance with its incident response procedures and provide relevant information to support Customer compliance obligations.<\/p>

            5.2 Unsuccessful Attempts<\/h4>

            Attempts that do not result in unauthorized access\u2014such as port scans or failed login attempts\u2014are not considered Security Breaches.<\/p>

            5.3 Customer Responsibility<\/h4>

            Security incidents caused by Customer misconfiguration, credential compromise, or unauthorized sharing of access are not considered Security Breaches attributable to VolkSign.<\/p>

            5.4 Disclaimer<\/h4>

            VolkSign\u2019s response to a Security Breach does not constitute an admission of fault or liability.<\/p>

            6. Auditing and Reporting<\/h2>

            6.1 Monitoring<\/h4>

            VolkSign conducts ongoing monitoring, risk assessments, and security reviews.<\/p>

            6.2 Independent Audits<\/h4>

            Independent third-party audits may be conducted in accordance with recognized standards (such as SOC 2). Audit reports are treated as confidential and may be shared upon written request, subject to confidentiality obligations.<\/p>

            6.3 Penetration Testing<\/h4>

            VolkSign conducts regular penetration testing and vulnerability assessments performed by independent security professionals.<\/p>

            7. Definitions<\/h2>

            • Agreement<\/strong> \u2013 The contract governing use of the Services<\/p><\/li>

            • Customer<\/strong> \u2013 The individual or entity using VolkSign Services<\/p><\/li>

            • Customer Content<\/strong> \u2013 Any data, documents, or materials uploaded to the Services<\/p><\/li>

            • Process<\/strong> \u2013 Any operation performed on Customer Content<\/p><\/li>

            • Security Breach<\/strong> \u2013 Unauthorized access, loss, or disclosure of Customer Content<\/p><\/li>

            • Services<\/strong> \u2013 VolkSign\u2019s electronic signature and document management services<\/p><\/li>

            • VolkSign Personnel<\/strong> \u2013 Authorized individuals processing Customer Content<\/p><\/li>

            • User<\/strong> \u2013 Any authorized individual accessing the Services<\/p><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

              \n\t\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t

              1. Information Security Program<\/h2>

              1.1 Information Security Program<\/h3>

              VolkSign maintains a comprehensive written information security program consisting of policies, standards, procedures, and related documentation that define the criteria, methods, and measures governing the processing and protection of Customer Content and the VolkSign systems or networks used to process or secure Customer Content (\u201cVolkSign Information Systems\u201d) in connection with providing the Services under the Agreement.<\/p>

              1.2 Shared Responsibility<\/h3>

              The security of data, including Customer Content accessed, stored, shared, or otherwise processed through VolkSign Services, is a shared responsibility between VolkSign and the Customer. VolkSign is responsible for implementing and operating its information security program, while the Customer is responsible for properly managing user access, permissions, and configuration of features within the Services.<\/p>

              1.3 Personnel Confidentiality<\/h3>

              VolkSign ensures that its personnel:<\/p>

              Are bound by confidentiality obligations that provide protection for Customer Content; and<\/p>

              Receive appropriate training related to the processing and protection of Customer Content.<\/p>

              \u00a0<\/div>
              \u00a0<\/div>

              2. Security Controls<\/h2>

              In accordance with its information security program, VolkSign implements commercially reasonable physical, organizational, and technical controls designed to:<\/p>

              Ensure the security, integrity, and confidentiality of Customer Content; and<\/p>

              Protect Customer Content against anticipated threats, unauthorized access, accidental loss, alteration, or disclosure.<\/p>

              2.1 System Updates<\/h3>

              VolkSign maintains processes to keep VolkSign Information Systems up to date with relevant upgrades, patches, bug fixes, and new versions.<\/p>

              2.2 Firewalls<\/h3>

              Firewalls are configured and maintained to protect Customer Content and VolkSign\u2019s non-public systems.<\/p>

              2.3 Anti-Malware Protection<\/h3>

              VolkSign uses up-to-date anti-malware and anti-virus solutions with automatic updates to mitigate risks from malicious software, including viruses, ransomware, spyware, and other threats.<\/p>

              2.4 Security Testing<\/h3>

              VolkSign regularly tests its security systems, processes, and controls to verify effectiveness and compliance with these Security Practices.<\/p>

              2.5 Access Controls<\/h3>

              VolkSign maintains access control policies governing personnel access to VolkSign Information Systems:<\/p>

              Unique user IDs are assigned to authorized personnel<\/p>

              Access is limited to individuals with a legitimate business need<\/p>

              Access rights are reviewed periodically and revoked when no longer required<\/p>

              Strong password policies and multi-factor authentication are enforced<\/p>

              Default system passwords are not used<\/p>

              Credentials must remain confidential and are not shared<\/p>

              2.6 Security Policies<\/h3>

              VolkSign enforces information security, confidentiality, and acceptable use policies and monitors compliance.<\/p>

              2.7 Environment Separation<\/h3>

              Development and testing environments are logically separated from production systems that process Customer Content.<\/p>

              2.8 Secure Deletion<\/h3>

              VolkSign follows industry-recognized standards, such as NIST SP 800-88, to ensure Customer Content is rendered unrecoverable before media disposal.<\/p>

              2.9 Remote Access<\/h3>

              Remote access to private VolkSign networks requires encrypted VPN connections with multi-factor authentication.<\/p>

              2.10 Encryption<\/h3>

              VolkSign uses industry-standard encryption consistent with recognized security frameworks to encrypt Customer Content both in transit and at rest. Only encrypted connections are permitted for data transfer.<\/p>

              3. Use of Third Parties<\/h2>

              3.1 Third-Party Security<\/h3>

              Any third parties engaged by VolkSign are required to maintain security standards comparable to those outlined in these Security Practices.<\/p>

              3.2 Data Hosting<\/h3>

              VolkSign may use third-party cloud service providers to host and process Customer Content. Such providers maintain industry-standard physical and technical safeguards and conform to recognized security certifications such as ISO 27001 or equivalent.<\/p>

              These providers must:<\/p>

              Maintain physical access controls<\/p>

              Use environmental monitoring and fire suppression systems<\/p>

              Restrict access to authorized personnel<\/p>

              Maintain business continuity and disaster recovery plans<\/p>

              Annual independent audits and risk assessments are conducted for critical providers.<\/p>

              4. Business Continuity and Disaster Recovery<\/h2>

              VolkSign maintains a disaster recovery and business continuity program designed to restore Services following an incident. This includes:<\/p>

              Regular backup validation<\/p>

              Annual review of critical systems<\/p>

              Periodic testing and updates of recovery procedures<\/p>

              \u00a0<\/div>

              5. Security Incidents<\/h2>

              5.1 Incident Response<\/h3>

              VolkSign will notify Customers without undue delay upon confirmation of a Security Breach. Notifications will be sent to the Customer\u2019s registered contact email.<\/p>

              VolkSign will investigate, contain, and remediate Security Breaches in accordance with its incident response procedures and provide relevant information to support Customer compliance obligations.<\/p>

              5.2 Unsuccessful Attempts<\/h3>

              Attempts that do not result in unauthorized access\u2014such as port scans or failed login attempts\u2014are not considered Security Breaches.<\/p>

              5.3 Customer Responsibility<\/h3>

              Security incidents caused by Customer misconfiguration, credential compromise, or unauthorized sharing of access are not considered Security Breaches attributable to VolkSign.<\/p>

              5.4 Disclaimer<\/h3>

              VolkSign\u2019s response to a Security Breach does not constitute an admission of fault or liability.<\/p>

              6. Auditing and Reporting<\/h2>

              6.1 Monitoring<\/h3>

              VolkSign conducts ongoing monitoring, risk assessments, and security reviews.<\/p>

              6.2 Independent Audits<\/h3>

              Independent third-party audits may be conducted in accordance with recognized standards (such as SOC 2). Audit reports are treated as confidential and may be shared upon written request, subject to confidentiality obligations.<\/p>

              6.3 Penetration Testing<\/h3>

              VolkSign conducts regular penetration testing and vulnerability assessments performed by independent security professionals.<\/p>

              7. Definitions<\/h2>

              Agreement<\/strong> \u2013 The contract governing use of the Services<\/p>

              Customer<\/strong> \u2013 The individual or entity using VolkSign Services<\/p>

              Customer Content<\/strong> \u2013 Any data, documents, or materials uploaded to the Services<\/p>

              Process<\/strong> \u2013 Any operation performed on Customer Content<\/p>

              Security Breach<\/strong> \u2013 Unauthorized access, loss, or disclosure of Customer Content<\/p>

              Services<\/strong> \u2013 VolkSign\u2019s electronic signature and document management services<\/p>

              VolkSign Personnel<\/strong> \u2013 Authorized individuals processing Customer Content<\/p>

              User<\/strong> \u2013 Any authorized individual accessing the Services<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

              Get enterprise-grade security for your most sensitive agreements We take your agreements as seriously as you do, which is why Docusign meets the most stringent global security standards. 1. Information Security Program 1.1 Information Security Program VolkSign maintains a comprehensive written information security program consisting of policies, standards, procedures, and related documentation that define the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-467","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/pages\/467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/comments?post=467"}],"version-history":[{"count":40,"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/pages\/467\/revisions"}],"predecessor-version":[{"id":1094,"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/pages\/467\/revisions\/1094"}],"wp:attachment":[{"href":"https:\/\/volksample.com.au\/volksign\/wp-json\/wp\/v2\/media?parent=467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}