At PDF Butler, security and compliance are the foundation of everything we do. Along with meeting key certifications and legal requirements, we take extra steps to keep our platform safe and reliable, like running regular security tests and system checks.
In this blog post, we’ll share how PDF Butler and SIGN Butler follow regulations like GDPR and HIPAA, meet global signature standards, and go the extra mile with additional security measures to protect your data.
PDF Butler: ISO-Certified, GDPR, and HIPAA Compliance
ISO Certification
PDF Butler is ISO/IEC 27001 certified, the gold standard for information security management systems (ISMS). This certification demonstrates that we have implemented robust systems to manage risks related to data security, following internationally recognized best practices.
General Data Protection Regulation (GDPR)
The GDPR, which took effect in 2018, is a European Union data protection regulation designed to safeguard the personal data of EU citizens. It applies to any organization that handles EU residents’ data, even if the organization is not based in the EU.
PDF Butler is fully compliant with GDPR. We do not store transactional data or generated documents, and we have no direct access to client systems. Our solution processes data in memory only, ensuring nothing is stored in files or databases. Customers configure their Salesforce org to indicate which data PDF Butler can process, giving them complete control over what is shared.
Health Insurance Portability and Accountability Act (HIPAA)
PDF Butler complies with the Privacy Rule under HIPAA, which sets national standards for safeguarding individuals’ protected health information (PHI). Our services ensure that PHI is processed securely, meeting all HIPAA requirements for use, disclosure, and protection.
Additional Security Initiatives: Penetration Testing and Continuous Monitoring
To ensure our systems remain resilient against evolving cyber threats, all our products undergo rigorous penetration testing on an annual basis. This process involves simulating real-world attacks to identify and address any potential vulnerabilities in our infrastructure. By proactively seeking out and mitigating weaknesses, we provide you with the confidence that your data is handled with the utmost care and protection.
We also believe in the importance of continuous monitoring and improvement. In addition to our annual penetration tests, we perform unannounced tests of our services to ensure that our security measures are always up to par. We also conduct regular stress tests to ensure that our systems can handle unexpected spikes in traffic. By proactively testing our systems in a variety of ways, we can ensure that they are always secure and reliable.
SIGN Butler: Compliance and Signature Certifications
Compliance and Legal Standards
US ESIGN Act Compliance:
Our electronic signature tool is fully compliant with the U.S. Electronic Signatures in Global and National Commerce Act (ESIGN Act). This means that our tool meets all of the requirements for electronic signatures to be legally binding in the United States.
The ESIGN Act provides a legal framework for the use of electronic signatures in interstate and foreign commerce. It states that a contract or other record relating to a transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation. Our tool uses industry-standard security measures to ensure that your electronic signatures are secure and legally binding.
FDA 21 CFR Part 11 Compliance
Our organization is committed to complying with all applicable laws and regulations, including FDA 21 CFR Part 11. This regulation sets forth the requirements for electronic records and signatures in the pharmaceutical industry. We have implemented a number of controls to ensure that our systems and processes are compliant with Part 11, including:
- Validating our systems to ensure that they meet the requirements of Part 11
- Implementing controls to ensure the integrity and security of electronic records
- Training our employees on the requirements of Part 11
We are confident that our systems and processes are compliant with FDA 21 CFR Part 11. We are committed to providing our customers with high-quality products and services that meet their needs and expectations.
EU eIDAS Compliance
SIGN Butler adheres to the eIDAS regulation, creating a secure, efficient framework for electronic transactions across the EU.
eIDAS is an EU regulation that established a legal framework for ensuring electronic transactions are safer, faster, and more efficient, no matter the EU country they occur in. The goal of the eIDAS Regulation is to encourage the creation of a single European market for secure e-commerce.
Certificate of Completion
The Certificate of Completion (CoC) is a special document that provides key details about a SIGN Request, such as the request ID, name, and originator. It also compiles all details of the SIGN Request Audit Trail, listing every audit trail item and the signatures placed. Once created, the CoC PDF is sealed, ensuring it cannot be altered by anyone.
Salesforce Audit Trail
SIGN Butler creates a detailed, tamper-proof audit trail for every signature process. Using signed hashes and linked records, we ensure the chain of evidence remains intact and secure.
As this Audit Trail is important evidence, SIGN Butler makes sure it cannot be tampered with. To ensure that no record can be altered unnoticed, we calculate a signed hash on every record in the Audit Trail, and we link every record to the previous record so that the chain cannot be broken. The first record in the chain is the SIGN Request record itself, which also carries a Signed Hash.
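The chain described above, as an added illustration that is not SIGN Butler's own code (the page does not state its signing algorithm, key handling, or record layout): each record's signed hash covers its own fields plus the previous record's signed hash, the SIGN Request is the first link, and a verifier reports the first record at which the chain fails. HMAC-SHA256 with a server-held key, the record format, and the sample events are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: the page does not name SIGN Butler's signing
# algorithm or key material, so HMAC-SHA256 with a server-held key stands in for
# the "signed hash"; a digital signature fits the same chain structure.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

def signed_hash(data: dict, previous_hash: str) -> str:
    """Signed hash over the record's fields plus the previous record's signed hash.
    Covering previous_hash is the link: altering or removing an earlier record
    invalidates every record after it. Fields are serialized deterministically."""
    payload = previous_hash.encode() + json.dumps(data, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()

def build_audit_trail(sign_request: dict, audit_items: list) -> list:
    """SIGN Request record is the first link; each audit item links to its predecessor."""
    chain, previous = [], ""  # the first record has no predecessor
    for data in [sign_request, *audit_items]:
        entry = {"data": data, "previous_hash": previous,
                 "signed_hash": signed_hash(data, previous)}
        chain.append(entry)
        previous = entry["signed_hash"]
    return chain

def first_broken_link(chain: list) -> int:
    """Index of the first record whose link or signed hash fails to verify, or -1."""
    expected_previous = ""
    for index, entry in enumerate(chain):
        recomputed = signed_hash(entry["data"], entry["previous_hash"])
        if (entry["previous_hash"] != expected_previous
                or not hmac.compare_digest(recomputed, entry["signed_hash"])):
            return index
        expected_previous = entry["signed_hash"]
    return -1

def with_field_edited(chain: list, index: int, field: str, value) -> list:
    """Deep copy with one data field changed and the stored hashes left untouched."""
    copy = json.loads(json.dumps(chain))
    copy[index]["data"][field] = value
    return copy

# Constructed sample: one SIGN Request followed by three audit trail items.
REQUEST = {"request_id": "SR-0001", "name": "Demo NDA", "originator": "alice@example.com"}
ITEMS = [{"event": "sent", "to": "bob@example.com"},
         {"event": "viewed", "by": "bob@example.com"},
         {"event": "signed", "by": "bob@example.com"}]
```

Running `first_broken_link` on an intact trail returns -1; editing the signer on the last item is caught at that index, and silently dropping the "viewed" record is caught at the record that follows it, since its stored previous_hash no longer matches.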
Signature Certifications
1. Adobe Approved Trust List (AATL)
SIGN Butler certificates are trusted globally by Adobe Acrobat and Reader, thanks to our integration with the AATL program.
The Adobe Approved Trust List is a program that allows millions of users worldwide to create digital signatures that are trusted whenever the signed document is opened in Adobe® Acrobat® or Reader® software.
Our PRODUCTION signatures are automatically trusted by Adobe® Acrobat® and Reader® software because SIGN Butler certificates are AATL-listed. Our certificates are provided by Entrust and are part of the AATL.
2. European Union Trusted List (EUTL)
As part of the EUTL, SIGN Butler meets the highest compliance standards for EU electronic signature regulations.
The European Union Trusted List (EUTL) is a public list of over 200 active and legacy Trust Service Providers (TSPs) that are specifically accredited to deliver the highest levels of compliance with the EU eIDAS electronic signature regulation.
Conclusion
At PDF Butler, we are committed to providing a secure, compliant, and reliable document automation platform. Whether you’re leveraging PDF Butler for GDPR and HIPAA-compliant document processing or using SIGN Butler for legally binding electronic signatures, you can trust that our solutions are built with your security in mind.