ContractWorks Announces SOC 2 Compliance

ContractWorks is pleased to announce another meaningful step in our ongoing efforts to protect customer data with industry leading safety and security.

SecureDocs, Inc., the parent company of ContractWorks contract management software, has successfully completed its SOC 2 Type 2 audit. In doing so, SecureDocs, Inc. maintains its adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to its clients, through an independent auditor, that its business process, information technology, and risk management controls are properly designed.

What is a SOC 2 audit?

SOC 2 engagements are based on the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria. SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Confidentiality, and more.

SecureDocs, Inc.’s SOC 2 audit report covers the following criteria:

• Security – Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity’s ability to achieve its objectives. 

• Availability – Information and systems are available for operation and use to meet the entity’s objectives.

• Confidentiality – Requires companies to demonstrate the ability to protect confidential information throughout its lifecycle, including collection, processing, and disposal. 

The official audit report provides a thorough review of SecureDocs, Inc.’s internal controls, policies, and processes for its software-as-a-service offerings. It also reviews SecureDocs, Inc.’s processes relating to risk management and subservice (vendor) due diligence, as well as SecureDocs, Inc.’s entire IT infrastructure, software development life cycle, change management, logical security, network security, physical & environmental security, and computer operations.

SOC 2 Type 1 vs. SOC 2 Type 2

There are two different types of SOC 2 reports, Type 1 and Type 2. As mentioned previously, SecureDocs, Inc. has obtained a SOC 2 Type 2 report. Here’s the difference:

SOC 2 Type 1 - This is an assessment of an organization’s policies and procedures at a specific point in time (one day).

SOC 2 Type 2 - This is an assessment of an organization's controls over a period of time to ensure that a business adheres to their policies on an ongoing basis. 

Why SOC 2 is important for ContractWorks customers

Businesses around the world trust ContractWorks CLM software to protect their confidential information. The team at ContractWorks has always gone to great lengths to keep customer data safe, and continues to make data security a top priority. By obtaining a SOC 2 Type 2 audit report, SecureDocs, Inc. has demonstrated its commitment to data security and to protecting customer information.   

"We are pleased that our SOC 2 report has shown that we have the appropriate controls in place to mitigate risks related to the services we provide to our customers,” said CEO Will Reynolds. “Our clients trust us to protect their sensitive corporate information at all times, and this report serves as another example of how we’re doing that.”

To learn more about the security features and protocols ContractWorks deploys to ensure customer data is always protected, visit our Security page.