Home » ZorroSign Delivers Global Privacy and Security Standards Compliance

Published on

ZorroSign Delivers Global Privacy and Security Standards Compliance

  • Name
    Michael Jones

ZorroSign’s primary focus is the security and privacy of our customers’ data.

Our technology platform was built for the highest levels of security and compliance—from our blockchain architecture to our patented 4n6 token, to our multi-factor authentication—all ensuring our platform is compliant with dozens of international privacy and security standards.


ZorroSign has implemented its own secure instance of Hyperledger Fabric—the world’s most trusted blockchain technology, created by the Linux Foundation—using proprietary technology. This blockchain architecture is permissions-based and requires users to authenticate themselves before making requests to read or write into the distributed ledger (i.e., the “blocks” on the “chain”) or taking any action that adds to the blocks on the ledger.

As a private blockchain, ZorroSign can ensure privacy is always maintained, as only approved nodes (endpoint users) can write to ZorroSign’s blockchain—as opposed to public blockchains (like Bitcoin and Ethereum) where anyone can be an endpoint and write to the blocks. As a result, ZorroSign’s architecture has even tighter privacy and security than other blockchains. If users make a change to the information recorded in one particular block of a blockchain, they cannot rewrite that block—instead, the change is stored or recorded in a new block along with the date and time of the change, permanently capturing the chronological changes to the document.

Further, ZorroSign’s platform was based on the Sherwood Applied Business Security Architecture (SABSA)—a proven methodology for developing business-driven, risk and opportunity-focused security architectures. We leverage Defense in Depth (DiD) mechanisms, such as AI-based Web Application Firewalls (WAFs), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and border routers. Plus ZorroSign brings personally identifiable information (PII) data security, 24/7 monitoring, business continuity/disaster recovery policies, security logging and incidence response via Elastic search Logstash and Kibana (ELK), and Microsoft Intune for unified endpoint management.


The ZorroSign patented Z-Forensics token is a digital seal that captures the complete audit trail and the document’s DNA. The token is encrypted and contains information on all the details about the transaction including timestamps, user authentication, document, and attachments.

The key benefits of ZorroSign’s blockchain and Z-Forensics token technology include immutability of chronological records, permissions-based private blockchain security and privacy of the users’ information (i.e., PII or PHI), fraud prevention, and lifetime escrow (as ZorroSign issues its own certificates that never expire).


With the growing number of data breaches affecting user authentication, protecting one’s account credentials has become a top priority. Many solutions are now moving towards a Zero Trust model where the user must prove their identity. While it used to be acceptable to rely on a username and password, the current industry standard is two-factor authentication which is rapidly evolving to MFA with password-less logins.

ZorroSign is proud to be the first to adopt password-less login amongst our digital signature competitors—validating what you know (i.e., your ZorroSign login password ), what you have (e.g., your laptop or mobile device), and who you are (e.g., biometrics such as fingerprints or eye iris on the device, securing who can access it).


This unique combination of security architecture and data privacy functionality grants ZorroSign compliance across many international standards for privacy and security, including but not limited to:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: The Uniform Electronic Commerce Act (UECA)
  • EU: Data Protection Regulation (GDPR) for data privacy and security
  • EU: The electronic IDentification, Authentication and trust Services (eIDAS) regulation
  • India: The Information Technology Act 2000 (IT Act of India)
  • International Standard on Assurance Engagements (ISAE) No. 3402, Type II audited
  • International Organization for Standardization (ISO) 27001 certified
  • PDF Advanced Electronic Signatures (PAdES) is a set of restrictions and extensions to PDF and ISO 32000-1
  • UAE: Federal Law No. 1 of 2006 regarding Electronic Transactions and E-Commerce granting electronic signatures legal force and effect
  • USA: American Institute of Certified Public Accountants (AICPA) SOC 2 Type I audit
  • USA: California Consumer Privacy Act (CCPA)
  • USA: Department of Commerce’s National Institute of Standards and Technology (NIST) encryption standards
  • USA: The Digital Millennium Copyright Act (DMCA)
  • USA: The Electronic Signatures in Global and National Commerce Act (E-Sign Act)
  • USA: FDA Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures
  • USA: The Health Insurance Portability and Accountability Act (HIPAA)
  • USA: The Uniform Electronic Transactions Act (UETA)

We invite you to request a copy of our ZorroSign Security Brief for details on our private blockchain architecture, document storage and protection, and platform security measures today!