Proposal security 101: What you need to know about cloud-based document security

Kathleen Smith

When you’re worried about sealing the deal with a proposal that you’re about to present to a potential client, security is probably the farthest thing from your mind. That’s why it’s important to do your homework before you start using a proposal solution, so that you can have the peace of mind to focus on winning deals instead of worrying about whether your proposal software is putting your company at risk.

So, here’s what you’ll need to think about, security-wise, when choosing a document automation platform:

IDK, IDC: Alphabet soup actually matters, K?

Do you know what all of those commonly-cited acronyms mean when it comes to document security? You’ve probably seen the same language pop up repeatedly in descriptions for various SaaS platforms, so let’s shed some light on these terms once and for all and why they’re important to document security.

  • SSL encryption protocols
    SSL, which stands for Secure Sockets Layer, is an internet security protocol that creates a safe link between your computer and the server you’re connecting to. That means that sensitive information like credit card data or the content of your documents can be transmitted securely.
    HTTPS is a counterpart in internet security to SSL. It guarantees that the information going to the server is encrypted and secure. When you see “https” in a URL, it identifies the site as secured over an SSL connection.
  • AES-256 encryption
    You may see that your document solution has AES-256 encryption. Encryption allows the sender of a set of data to scramble their data before transmitting it, so that only the intended recipient (a website, server, etc.) can unscramble, or decrypt, the data using a predetermined set of keys or cipher. This type of encryption is used to protect national security systems and is approved by the NSA for top secret communications.
  • ISO 27001 compliant infrastructure
    This certification means that the platform’s infrastructure meets the high standards of EY CertifyPoint, an independent and impartial third-party that vets data security compliance.
  • UETA and the Federal ESIGN Act
    These acronyms aren’t security-related, but instead, they refer to the legal validity of eSignatures in the United States, specifically. (Other countries have equivalent legislation, so it’s worth reading up on if you’re not located in the United States.)

    In 47 of the United States, as well as Washington, D.C., Puerto Rico and the U.S. Virgin Islands, Section 7 of the Uniform Electronic Transactions Act, or UETA, says that electronic signatures are equal in legal stature to ink signatures.

    ESIGN, or the Electronic Signatures In Global and National Commerce Act, was passed in 2000 by the United States Congress and further legitimizes the use of eSignatures in interstate and foreign commerce for U.S.-based businesses.
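
A vendor's SSL and AES-256 claims can be checked against what its web endpoint actually negotiates (modern servers negotiate TLS, the successor to SSL). The following is an added example, not code from the original article or from any vendor; the acceptable-protocol list and the sample values are assumptions made for illustration.

```python
import socket
import ssl
import sys

# Assumption of this example: only these protocol versions are acceptable.
ACCEPTABLE_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

# Constructed sample results (protocol, cipher name, key bits) for offline runs.
SAMPLES = [
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384", 256),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", 128),
]


def assess(protocol, cipher_name, key_bits):
    """Return a list of findings for one negotiated connection."""
    findings = []
    if protocol not in ACCEPTABLE_PROTOCOLS:
        findings.append(f"outdated protocol: {protocol}")
    if "AES" not in cipher_name and "CHACHA20" not in cipher_name:
        findings.append(f"cipher is not AES or ChaCha20: {cipher_name}")
    elif "AES" in cipher_name and key_bits < 256:
        findings.append(f"AES key is {key_bits} bits, not the advertised 256")
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake with certificate and hostname verification enabled and
    return (protocol, cipher_name, key_bits) as negotiated."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            name, _proto, bits = tls.cipher()
            return tls.version(), name, bits


if __name__ == "__main__":
    hosts = sys.argv[1:]
    if not hosts:  # no hostname given: show the constructed samples
        for sample in SAMPLES:
            print(sample, assess(*sample) or "OK")
    for host in hosts:
        try:
            result = probe(host)
        except OSError as exc:  # includes ssl.SSLError and certificate failures
            print(f"{host}: handshake failed: {exc}")
            continue
        print(host, result, assess(*result) or "OK")
```

A 128-bit result is not a weakness in itself; the check only shows whether one connection matches the AES-256 claim.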

Also important: Where your data resides

The data that comprises your proposals and documents has to “live” somewhere since we’re talking about cloud-based platforms and not local software. So, you should have an interest in where your data is stored and how secure (and reliable) your document solution’s cloud storage provider is. 

One of the web’s most trusted cloud storage services is Amazon Web Services, or AWS. It’s used by organizations like Dow Jones, Adobe, Slack, Lyft, the FDA and the CDC, just to name a few. AWS touts a 99.95% up-time, which means that it’s one of the most dependable when it comes to keeping your data live and ready to access.

But just to be clear: no host is totally infallible or can guarantee 100% up-time, and AWS is a prime example. A small (but mighty!) human error, a typo, led to five hours of downtime in September. This doesn’t mean data was compromised or lost, but that it was offline for a brief period of time and quickly came back online the same day once AWS identified the error and remedied it.

Does your proposal software back it up?

Another important element of data security is backups, to provide a...well, the event of permanent data loss. So the question you should be asking is, does your document automation tool automatically back up your data, and is that backup secure?

Here’s a breakdown of how PandaDoc meets and exceeds security protocols for a cloud-based application. Want to learn more or have a specific question? Get in touch here.

