Enterprise assurance is grounded in artefacts your teams can review directly rather than generic claims. VaseSign does not assert completion of an independent audit, ISO certification, or SOC report on this page unless a dated attestation has been explicitly published for your deployment — ask during diligence if such materials exist for your contract term.
Documents commonly shared under NDA
- Architecture overview — logical components, trust boundaries, and integration points relevant to your workspace.
- Security controls summary — mapping of controls to domains such as identity, logging, encryption, and incident response (tailored to tier).
- Data flow summary — movement of customer content, metadata, and logs across VaseSign and configured subprocessors.
- Sample Data Processing Agreement (DPA) — baseline processor terms for negotiation against your privacy programme.
- Sample evidence pack — exemplar exports illustrating completion, audit, and validation artefacts for representative workflows.
- Penetration test summary — high-level results and remediation themes when a current engagement exists and disclosure is authorised for your procurement cycle; absence of a published summary does not imply testing did not occur — it may be withheld pending remediation or legal review.
How to proceed
Request materials through your VaseSign account executive or via Trust & security contact. Allow time for mutual NDA execution before detailed diagrams or test excerpts are released.
Start with public pages on Security architecture and Evidence pack before scheduling deep dives.