• certified-AWS Icon.png

    AWS Data Centers


    Certified AWS Data Centers

    ISO 27001 Certified with SOC 1, 2 & 3 Reports

    Amazon Web Services (AWS) data centers are ISO 27001 certified, offer SOC 1, 2 & 3 reports, and are physically secure with protective measures that restrict ingress and egress. These measures include electronic keycards, pin codes, and biometric hand scans. Additionally, onsite security officers guard the data centers 24 hours a day, 365 days a year. Offsite backups are also included as a protection against hardware failure, theft, virus attack, deletion, and natural disaster.

    ContractWorks also offers automatic encrypted online hourly backups. We store all information in multiple data centers, which are located in geographically separate locations for both our United States and European Union-based data centers, as a protection against hardware failure, theft, deletion, and natural disaster.

  • encrypted secure document storage

    Encryption of Data

    contract security features


    256-bit encryption of all data, both in transit and at rest

    All connections are protected using TLS 1.2 with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt and enforced minimums for length and complexity. While at the data centers, all data remains encrypted using 256-bit AES, which is certified for use by the U.S. Government for top-secret documents.

  • secure identity management

    SAML 2.0/Single-Sign-On (SSO)

    Easy identity management

    Single-Sign-On (SSO) using the SAML 2.0 Standard

    Easy, secure identity management for organizations 

    With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program such as Microsoft Active Directory, OneLogin, or Okta to access many of your business applications including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords, eliminating wasted time on resetting passwords. 

  • access-control.png


    contract security

    Access Control

    Granular permission settings provide complete access control

    The ContractWorks client at the “Administrator” level is the only individual with the ability to invite other users, including inviting other administrators. When inviting users, administrators can select specific permission settings for each person invited.

  • secure document storage with audit trail reporting

    Audit Trail Reporting

    secure document storage with audit trial reporting

    Audit Trail Reporting

    Know who’s doing what in your account

    Audit trail reporting allows administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.

  • contract security with two factor authentication

    Multi-Factor Authentication

    secure document stoarge with two-factor authentication

    Multi-Factor Authentication

    An additional security layer to protect your account

    Multi-Factor authentication offers a simple yet highly effective protection against cyber security attacks by requiring a second piece of information to access your secure contract repository.

    SMS Authentication:

    A five-digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide. Users have the option to remember registered computers for thirty days.

    Authentication App:

    ContractWorks offers an additional authentication option that can be used as an alternative to SMS authentication.

    This process involves first installing an authentication app such as Google Authenticator on any smartphone. Upon first set-up, ContractWorks will produce a QR code that is then scanned using the authentication app. The authentication app will produce a one-time six-digit verification code which the user must enter in addition to their username and password to login into ContractWorks. This process works securely as a secret key is passed between ContractWorks and the authentication app. A new one-time secret key is used each time the user logs in. This process makes it more difficult for an outside party to gain access to a ContractWorks account by just having a username and password alone. 

Additional Features Designed for Contract Security

secure documnet storage features


Administrative controls allow view-only access, which will automatically disable printing.

advanced contract security


ContractWorks will automatically log a user off after 60 minutes of inactivity.

increase contract security with watermarks


Personally-identifiable watermarks remind the user that information is confidential.


Download ContractWorks Security Documentation

If you want more information on our security or would like to share this information, please download our security documentation.

Download Now

Ready to take control of your contracts?

Get started with ContractWorks today, and find out how easy it is to quickly organize and manage your documents.

Try It Free
Request Demo