OneSpan SignThe name of the product documented on this website. It is software that provides a complete e-Signature Process Management platform for the Web, including preparing, distributing, reviewing, signing, and downloading documents. provides a complete Electronic Signature Process Management platform for the Web, including preparing, distributing, reviewing, signing, and downloading documents.
The following sections provide an introduction to OneSpan Sign:
- Deployment Scenarios
- Benefits of OneSpan Sign
- Account-Level Features
- Minimum Security Requirements
- Sandbox Data Retention Policy
- On-Premises Deployments
The product has two main functional sectors:
- OneSpan Platform (aka The Platform): This is the product's core transactional and business logic.
- OneSpan Sign Application (aka The Application): This is the product's front end. Users, administrators, and integrators can interact with the Application using its GUI, its API, its SDKs, or its connectors. The Application is built on our REST Integration Model.
OneSpan Sign customers can choose either of the following deployment scenarios:
- SaaS (Software as a Service)In a SaaS deployment, an instance of OneSpan Sign runs on a server that serves one or more client organizations. This service is managed by OneSpan. — The product is centrally hosted on the public Cloud. Customers access the product by subscribing to an online service.
- On‐premisesIn an on-premises deployment, an organization hosts their own instance of OneSpan Sign on their own servers behind their firewall. — The product is installed on the customer’s premises, usually behind a firewall.
All users — SaaS and on-premises — interact with the product via the Application.
The Application offers customers the following major benefits:
- All customers can use a rich GUI that is out-of-the-box. On-premises customers no longer have to develop a GUI from scratch, so the expense and time required for an on‐premises deployment is much reduced.
- A Sender GUI enables users to manually create and manage e-signature transactions in a sender-driven (ad hoc) manner. Previously, on‐premises customers could create and manage transactions only via a software-integration layer (i.e., "straight-through processing" that is system-generated, with no manual intervention). Now these customers can create and manage transactions either way, or both ways.
- Customers can use built-in connectivity to various third-party applications (e.g., Salesforce, Microsoft SharePoint).
- The Application is built on a REST Integration Model that: (1) is easy to use; (2) reduces the time and expense required for an on‐premises deployment.
- Because the REST Integration Model can serve both SaaS and on-premises deployments, on-premises customers can do rapid prototyping on the Cloud to help them design, test, and perfect their on-premises solution. This provides a quicker time‐to‐market because they can do early coding in the SaaS environment, deploying on-premises when they’re ready to go live.
OneSpan Sign is committed to protecting the security of its customers’ data. To ensure that its systems remain current and up-to-date, they are regularly monitored and patched.
Although OneSpan Sign strives to support a large set of platforms, operating systems and browsers, it will not compromise on security. Should new vulnerabilities be discovered, OneSpan Sign will take all necessary steps to maintain its commitment to its customers. This may include, as deemed necessary: (1) updating its minimum security requirements for accessing the service; (2) dropping support for insecure algorithms, ciphers, platforms, operating systems, and browsers. To guarantee the security of the service and of customer data, access may be denied to systems that do not meet OneSpan Sign's minimum security requirements.
Customers are responsible for ensuring that their equipment remains secure according to current industry standards, including when they access OneSpan Sign. They should recognize that using unsupported platforms introduces a security risk, since vendors of unsupported platforms no longer offer security fixes for new vulnerabilities.
To stay current with recent vulnerabilities and to preserve system integrity and data security, OneSpan Sign's minimum security requirements are subject to change without notice. For additional related information, see Minimum Requirements for Signers and Senders, Enhanced Security Standards and Dropping Support for TLS.
The following Data Retention Policy applies to OneSpan Sign's Sandbox environment:
- Any transaction older than 90 days — including signed documents and Audit Trails — will be removed from the OneSpan Sign service on a rolling basis.
- Purged transactions will no longer be accessible via OneSpan Sign's GUI, its API, its SDKs, or its connectors.
- This policy affects draft, sent, expired, and completed transactions. However, templates and layouts are not affected.
To learn more about on-premises deployments of OneSpan Sign, see the On-Premises Deployment Guide.