PandaDoc signature certificate isn't sufficient for my client's compliance standards.

Particular agencies need to work with vendors that comply with CJIS standards. More information here: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

I’m pretty confident I should be able to break through the Merge Field bit as I’m sure I’m just doing something daft, but I don’t see how the WebHooks work.

When I provide an endpoint for PandaDoc to call, how do I set any headers or authentication? We don’t allow anything to make completely unauthenticated connections regardless of their origins. There’s mentions of shared keys that can be provided by Panda, but the challenge my end remains that if you cant authenticate with me, we wont even get as far as accepting the request.

Authentication procedure for approver (password, etc).

Option to send document on multiple recipient but will hide other email once they receive it.

When certain items in an order form have been changed (for example governing law, payment terms, etc), there is no approval triggered. As a result of this, legal has to review the entire order form all the time. If would be very beneficial when you could trigger an approval workflow when certain text or content is changed. For example, when the payment term is changed from the default (or default options in a dropdown), the approval workflow for approval by Finance is automatically required.

Option to add approval info to the signature certificate, for example, "Read and approved"

Ability to see and kick-out any devices logged-in to the PandaDoc account.

If the Recipient did not enter the verification code correctly after 3 times, the signature field should be cleared. The recipient should have to resign the document again. The sender should also be notified that the code was not entered correctly.

Ability to upload an image (picture of signer) for validation.

Concern of security of Webhooks in the dashboards (users have access into the dashboard and can adjust/delete Webhooks; also no audit capabilities)
Need to get this behind a security role/wall

I would like to enforce Google login for my company's users. Please provide settings where I can specify my company's email domain and specify that local passwords not be permitted for users with this email domain.

This is a simpler configuration option than setting up Google as a SAML IdP.

Ability to change the certificate so it's from qualified trust service provider according to EU applying Regulation (EU) 910/2014.

Password change notification.

ISO 9001.