DocuSign
Certifications & attestations
| Certification | Status | Source | Last verified |
|---|---|---|---|
| SOC 1 Type II Annual audits across production operations including data centers. | Verified | vendor source ↗ | June 10, 2026 |
| SOC 2 Type II | Verified | vendor source ↗ | June 10, 2026 |
| ISO 27001 ISO 27001:2022, plus ISO 27017:2015 and ISO 27018:2019. | Verified | vendor source ↗ | June 10, 2026 |
| PCI DSS PCI DSS v4.0 as both service provider and merchant; listed on the Visa Global Registry of Service Providers. | Verified | vendor source ↗ | June 10, 2026 |
| BSI C5 C5 Type II for the eSignature product (German Federal Office for Information Security). | Verified | vendor source ↗ | June 10, 2026 |
| FedRAMP FedRAMP Agency authorization for Docusign Federal (eSignature & IAM) and Docusign CLM; GovRAMP and DoD IL4 also held — scope differs from the commercial product. | Verified | vendor source ↗ | June 10, 2026 |
| IRAP Australian IRAP assessment at PROTECTED level. | Verified | vendor source ↗ | June 10, 2026 |
| eIDAS Qualified Trust Service Provider Docusign France SAS is a qualified TSP on the EU Trusted List (ANSSI); QSCD devices listed in the EU compilation. | Verified | vendor source ↗ | June 10, 2026 |
| CSA STAR Annual CAIQ on the CSA STAR registry. Binding Corporate Rules (processor + controller) and APEC PRP also held. | Verified | vendor source ↗ | June 10, 2026 |
→ Direct answer: Does DocuSign have SOC 2?
Subprocessors
Subprocessor extraction for DocuSign is pending.
Hosting & data residency
- Infrastructurenot yet recorded
- Data residencynot yet recorded
Trust documents & links
- Trust centerhttps://www.docusign.com/trust
- Security pagehttps://www.docusign.com/trust/security
- DPAnot yet recorded
- Status pagehttps://www.docusign.com/trust/system-status
Security incidents & disclosures
No incidents on record in the public sources we track, as of June 10, 2026. Absence of a record is not a guarantee — see methodology.
Change history
2026-06-10
Vendor added with a verified initial snapshot: SOC 1/2 Type II, ISO 27001:2022 (+27017/27018), PCI DSS v4.0, BSI C5 Type II, FedRAMP Agency authorization (Docusign Federal) with GovRAMP and DoD IL4, IRAP PROTECTED, eIDAS QTSP status (Docusign France), and CSA STAR confirmed against DocuSign's certifications page (docusign.com/trust/compliance/certifications, fetched 2026-06-10).