If you buy a signing key (e.g. from VeriSign), you can use it to sign your macro code. When a user opens a file containing your signed code, what happens next depends on the "macro security level" they have set. Let's assume it's at the highest level, which silently prevents any unsigned code from running.
In this case, they will be told that the file is signed by (your company name) and asked if they wish to run it. They'll be asked this every time they open the file. However, there's also a check-box titled "always trust macros from this publisher". If they tick that, any signed code from your company will thereafter run with no further prompting.
Note: the signature you buy from VeriSign has an expiry date, usually after a year or two. Unless you take some extra steps before signing your code, the code will no longer run after the certificate expires(!). This can lead to a nasty shock when your users suddenly find that nothing works a year later.
To ensure that the code continues to work even after the certificate has expired, you need to add some values in the registry that specify a "time-stamp server" that will be used to time-stamp the signed code. This time-stamp is later used to validate that the code was signed with a certificate that was valid at the time of signing, as opposed to one that is valid now.
For information on how to do this, see this link.
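The validation rule described above, written out as a simplified model. This is an added example, not Office's own verification code; the class and function names and the dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Certificate:
    publisher: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, moment: datetime) -> bool:
        return self.not_before <= moment <= self.not_after


@dataclass(frozen=True)
class SignedMacro:
    cert: Certificate
    # Signing time recorded by a time-stamp server; None if none was configured.
    timestamp: Optional[datetime]


def signature_decision(macro: SignedMacro, now: datetime) -> tuple[bool, str]:
    """Return (accepted, reason) for the macro's signature when opened at `now`."""
    if macro.timestamp is None:
        # No trusted signing time: the certificate has to be valid right now.
        if macro.cert.valid_at(now):
            return True, "certificate valid now"
        return False, "certificate not valid now and no time-stamp"
    if macro.timestamp > now:
        return False, "time-stamp is in the future"
    # Trusted signing time: judge the certificate as of that moment instead.
    if macro.cert.valid_at(macro.timestamp):
        return True, "certificate valid at time of signing"
    return False, "certificate not valid at time of signing"


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: a one-year certificate and two copies of the same
# signed file, one signed without a time-stamp and one with.
CERT = Certificate("Example Co (hypothetical)", utc(2023, 1, 1), utc(2024, 1, 1))
UNSTAMPED = SignedMacro(CERT, timestamp=None)
STAMPED = SignedMacro(CERT, timestamp=utc(2023, 6, 1))
```

Evaluating both files at a date after `not_after` shows the difference: the unstamped file is rejected, the stamped one is still accepted.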