We take things seriously
At Dokobit, we are committed to maximum data security and adherence to regulations. As transparency is one of the principles our company is built on, we aim to be as clear and open as we can about the way we handle security and compliance. Don’t rely on clumsy solutions, your business is not a joke.
Our business operations, internal systems, development and support processes comply with ISO/IEC 27001 — the internationally recognised standard for leading information security management practices.
We are being audited annually for our practices by the globally-respected audit firm Bureau Veritas and we have certified our implemented Information Security Management System (ISMS) with the certification scope of “cloud-based services for e-signing, e-sealing, e-identification, validation of e-signature and e-seal, and related software development, delivery and support”.
Rigorously chosen service providers
You can find these business partners in our list of sub-processors.
Electronic signatures are not scribbled images on a document. Don’t lose out because of clumsy providers in the market that take legal things related to your documents for granted. At Dokobit, we take things seriously.
We have been developing our services from the ground up according to all the technical requirements of Regulation (EU) №910/2014 (eIDAS). Our services work only with Qualified Certificates, meaning that each signature produced with our help is uniquely and unambiguously linked to both the signer and the data signed. It is practically impossible to fake such signature or re-use it with a different or modified document. To top that off, we also back up each signature with a Qualified Timestamp, thus providing legal proof about the time it was produced.
All signatures produced with a help of our services meet the requirements for Qualified Electronic Signatures or Advanced Electronic Signatures supported by Qualified Certificates set forth under the eIDAS regulation. These signatures are accepted across the EU. We work with eID infrastructures in the EU member countries and support and rely only on Qualified Trust Service Providers listed in the European Union Trusted Service List.
Dokobit is the first Qualified Trust Service Provider for e-signatures and e-seals validation in the Baltics, supervised by a Member State Supervisory Body and included in the EU Trusted Service List.
Learn more about our validation practices and liabilities in our Signature Validation Service Practice Statement and Policy.
Service availability and business continuity
We have wide experience in supporting business critical processes and thus give careful attention to service availability. We constantly try to improve and invest great effort into securing your business continuity, but don’t just take our word for it — check our status to see for yourself how we measure up.
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Maximum Tolerable Period of Downtime (MTPOD)
Proved Service Availability
Strong data encryption and data integrity
All our data is encrypted using Transport Layer Security (TLS) and AES-256 encryption algorithm. Data integrity is ensured by mirroring all data in two separate locations. In case of emergency, data and data integrity can be restored from backups with automated procedures wand Recovery Point Objective of 1 hour.
Dedicated security team
We have a dedicated personnel to manage and monitor all our services and infrastructure 24/7. Our team has incident management process with contingency plans, incident response playbooks and multiple levels of escalation.
Security vulnerabilities and bug bounties
We are committed to employ the best security practices in the industry. If you believe you have discovered a vulnerability in our services, we welcome the contribution of external security researchers and look forward to awarding them for their contribution to the security of all Dokobit users. Follow the disclosure guidelines defined in our Vulnerability Disclosure Policy.
We are fully insured against professional indemnity, privacy breaches and cyber attacks up to €1M. We hope we won’t have to make use of it but it surely provides extra comfort to us and our customers. We will maintain a valid insurance throughout the delivery of our services.
How to choose an e-signing solution provider
When entrusting your company documents to the partners, whether department or company-wide, not only the front-facing part of signing process matters; everything in the back – compliance with the regulations, qualification of services, information security, actual signature validity – can make all the difference in the world.
Be careful who you hand your data over to and beware not to slip on only supposedly declared compliance and hazy statements. Download the checklist to guide you through the most important aspects of choosing an e-signing solution provider.Download the checklist
- Terms of Service
- Acceptable Use Policy
- Data Processing Agreement
- List of Sub-Processors View
- Vulnerability Disclosure Policy View
- Dispute resolution View
- Signature Validation Service Practice Statement and Policy View
- Authentication-based signature creation policy for Norwegian BankID on Mobile View
- Authentication-based signature creation policy for Swedish BankID View
- Authentication-based signature creation policy for NemID View
- Authentication-based signature creation policy for MitID View
- Authentication-based signature creation policy for iDIN View
- Authentication-based signature creation policy for Finnish Trust Network View