
Security & Compliance Centre

We deliver business-critical services to Europe's largest companies. Security, privacy and compliance are our top priorities. Our trusted services are always delivered in line with regulatory and best practice requirements.

Over 13,000 companies trust Signicat as a certified, secure partner.

We take trust very seriously

When you work with Signicat, you place your trust in a business partner who is committed to rigorous information security, data privacy and adherence to regulations.

  • eIDAS compliant

    Our services are developed according to the eIDAS regulation, and Signicat is a Qualified Trust Service Provider (QTSP).

  • Strict data privacy

    We always provide a GDPR-compliant DPA when processing personal data on behalf of our customers.

  • Bank-grade security

    Our operations, systems, development and support processes comply with ISO/IEC 27001, SOC2 and more.

By partnering with Signicat, we found a one-stop shop for all our identity needs. With the full range of identity management services provided by Signicat, we have now created our own Bank Norwegian identity that gives our customers a seamless experience without compromising on security.

Bank Norwegian, a part of NOBA Bank Group AB (publ)
Compliance

Signicat certifications

To meet the very latest security and data protection requirements, all of our services are subject to strict rules and regularly checked by independent specialists.

    Qualified Trust Service Provider

    Signicat provides Qualified Trust Services in different geographical areas, issuing both qualified time-stamps as well as qualified certificates for electronic signatures and electronic seals.

    ISO/IEC 27001:2013

    Signicat's operations, systems, development and processes comply with ISO/IEC 27001 — the internationally recognised standard for leading information security management practices. ISO/IEC 27001 helps us protect information as follows:

    • Confidentiality ensures that information is only available to authorised parties
    • Integrity ensures that the information handling methods are accurate and complete
    • Accessibility ensures that authorised users have access to information and associated assets when needed

    ISO 27001:2017 (for Signicat Spain)

    This international standard is designed to set requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system.

    Signicat Spain is ISO/IEC 27001 certified.

    ISO 25000

    ISO/IEC 25000, also known as SQuaRE (System and Software Quality Requirements and Evaluation), is a series of standards that aims to create a common framework for the evaluation of software product quality. Our Certificate of Functional Adequacy measures the ability of the software product (VideoID) to provide functions that satisfy both stated and implied needs, provided that the product is used under the specified conditions.

    AICPA SOC 2

    Signicat delivers a SOC 2 attestation report (type 1 for 2018, type 2 for 2019) to its customers. The SOC 2 report addresses a service organisation’s controls that relate to operations and compliance, as outlined by the AICPA’s Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy.

    OpenID Certified

    Signicat is a certified OpenID Connect provider and has achieved OpenID Certification from the OpenID Foundation. OpenID Certification demonstrates that our implementation of OpenID Connect, a standard for user authentication and authorisation, meets the highest levels of security, interoperability, and usability.

    CPSTIC Services

    Signicat SLU's VideoID product is available in the ICT security products and services catalog of the Spanish National Cryptologic Center, within the category "Video Identification Tools", thus ensuring compliance with the ETD/465/2021 standard of May 6 and ETD/743/2022 of July 26, which regulate remote video identification methods for the issuance of qualified electronic certificates.

    ENS, National Security Framework

    The systems that support the information of the services provided by Signicat SLU have been audited and found to comply with the requirements of RD 311/2022 on May 3rd, which regulates the National Security Scheme in the field of electronic administration.

    Therefore, Signicat SLU is certified in the National Security Framework at High level and reinforces the commitment to national regulatory compliance.

Electronic identity methods

eID certifications

    MitID

    Signicat is a certified broker of MitID. Companies must go through a broker in order to offer log-in and signing with MitID to their users. The broker concept has been introduced, among other things, to increase the security of MitID and to make the integration easier for companies. In order to be certified, a broker must meet requirements for security, business conduct, reporting, data processing, support and guarantees.

    FTN (Finnish Trust Network)

    Signicat is an approved identity broker for Finnish businesses, providing access to the Finnish Trust Network, by The Finnish Transport and Communications Agency (Traficom). Signicat offers strong electronic identification services for the public. The principles for strong identification have been established in Finnish legislation: Laki vahvasta sähköisestä tunnistamisesta ja sähköisistä luottamuspalveluista 533/2016, section 2.2§.

    eHerkenning Certified

    The Dutch Ministry of Economic Affairs has certified Signicat as an official eHerkenning broker. Partners and customers also recognise the power of our software, which means that our systems handle the majority of all login transactions.

    DigiD

    Signicat is a yearly audited and certified broker for the highly regulated DigiD authentication method from the Dutch Ministry of Internal Affairs.

    nPA (neue Personalausweis)

    As an identification service provider, Signicat has been authorized to read ID card data on behalf of customers since March 9, 2020 in accordance with certification according to §21b PAuswG. This is a prerequisite for secure and convenient registration with banks, insurance companies, mobile communications, and healthcare, but also in retail, especially in online shops.

    IDIN

    Signicat is an approved Digital Identity Service Provider (DISP) for iDIN, and offers merchants the possibility of integrating iDIN for different use cases, with different options for technical integration to make it easier for merchants to use iDIN in their own technology stack.

Signicat is focused, has superb information systems, and all employees are very attentive to our needs. They are the best partner for secure ID.

Tonje Smith-Hansen Delivery Manager, Telia Norway

Building trust into every signature

You'll notice The Signicat Stamp of Trust in several places as you sign documents with Signicat e-signing solutions. When you see The Stamp, you know you can securely trust the service you’re using. The Stamp is a visible symbol of our commitment to excellence in digital identity verification and signing services.

Personal data and privacy

When processing personal data for our customers’ end users, Signicat will act as a data processor according to European data protection law. Signicat offers a Data Processing Agreement (DPA) that is aligned with GDPR and performs an annual audit of its compliance with the DPA, with a report that is available to customers.

Signicat secures personal data through strong logical and physical access controls. All personal data is encrypted in transport, and processed in line with the Signicat Privacy Policy.

Trust and security from 35+ eIDs

Signicat's eID Hub is the world's most extensive, supporting over 35 government-issued electronic ID (eID) methods. These are often the most secure means available to validate identity, log in users and sign electronically.

Bank-grade security

Security and resiliency

We have broad experience in supporting business critical processes for regulated industries including banking, financial services, healthcare and more. Signicat delivers bank-grade security and invests great effort in securing your business continuity.

    Information security management

    Signicat organises its security work by implementing an Information Security Management System (ISMS) following and certified in line with the ISO/IEC 27001:2013 standard. We have a dedicated Security and Quality organisation led by Signicat's CISO. The CISO leads and is part of Signicat's Information Security Board (ISB), which includes top-level management from different departments in Signicat. To ensure that the ISMS is performing and implemented in line with best practice, we conduct an extensive audit program.

    Software as a Service (SaaS)

    All Signicat services are delivered as Software as a Service (SaaS) – this means that meeting the toughest security and compliance requirements of clients in regulated industries benefits all Signicat customers. Making our services secure is a primary concern for us, and it forces us to focus on security in the development and operations of our services. Signicat is continuously improving the management system and control implementation.

    Market-leading resiliency

    Signicat delivers a high degree of resiliency for our customers by leveraging market-leading cloud providers including Google Cloud. Our Digital Trust Platform architecture features physically separate data centres, with each service deployed with full redundancy across multiple availability zones. It also includes self-healing properties, enabling automatic recovery from hardware failures and automatic scaling to accommodate increased load. Additionally, it employs graceful failure modes to maintain seamless operations, ensuring robust and continuous service availability. 

    Audit rights and documentation

    Customers, regulators, and third-party auditors can request audit and inspection visits of Signicat’s operations, including our data centers. Data center audits involve staff from Google, Signicat, and the customer or their auditors.

    Documentation related to service security, privacy, and compliance of Google Cloud is freely available through Google’s self-service portals, with additional documentation requestable by Signicat on behalf of our customers.

Codes and policies

We strive for integrity, inclusiveness, sustainability and transparency in all we do.

  • Everyone should have an equal opportunity to use Signicat.com and all Signicat products. Our goal is to make our content as accessible as possible for all users. We are continually improving the user experience for everyone and applying the relevant accessibility standards.

    Signicat Accessibility Statement

  • Signicat is committed to conducting business in a sustainable way as an employer, vendor, business partner and community member. At Signicat, sustainability is the way we manage and operate our business to best serve our employees and customers, care for the environment, drive long-term prosperity and build a trusted digital world.

    Signicat Sustainability Policy

  • The Whistleblower Policy has been established to enable Signicat representatives to address any misconduct against the core values or Code of Conduct in a secure and appropriate manner.

    Signicat Whistleblower Policy

  • Signicat is putting great efforts into complying with the requirements put forward in the Equality and Discrimination Acts (LDL §26), especially with regards to ethnicity, religion, disability, and sexual orientation.

    Signicat Diversity and Inclusion Policy

  • Signicat has adopted this Code of Conduct to make sure that we are aware of our expectations and standpoint on sustainability. This Signicat Code of Conduct is based on the ten principles of the United Nations Global Compact.

    Signicat Code of Conduct

  • Our 2023 Norwegian Transparency Act Report is available here.