AWS Data Centers
Amazon Web Services (AWS) data centers are ISO 27001 certified, offer SOC 1, 2 & 3 reports, and are physically secure with protective measures that restrict ingress and egress. These measures include electronic keycards, pin codes, and biometric hand scans. Additionally, onsite security officers guard the data centers 24 hours a day, 365 days a year. Offsite backups are also included as a protection against hardware failure, theft, virus attack, deletion, and natural disaster.
ContractWorks also offers automatic encrypted online hourly backups. We store all information in multiple data centers, which are located in geographically separate locations for both our United States and European Union-based data centers, as a protection against hardware failure, theft, deletion, and natural disaster.
Encryption of Data
All connections are protected using TLS 1.2 with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt and enforced minimums for length and complexity. While at the data centers, all data remains encrypted using 256-bit AES, which is certified for use by the U.S. Government for top-secret documents.
SAML 2.0/Single-Sign-On (SSO)
With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program such as Microsoft Active Directory, OneLogin, or Okta to access many of your business applications including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords, eliminating wasted time on resetting passwords.
The ContractWorks client at the “Administrator” level is the only individual with the ability to invite other users, including inviting other administrators. When inviting users, administrators can select specific permission settings for each person invited.
Audit Trail Reporting
Audit trail reporting allows administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.
Multi-Factor authentication offers a simple yet highly effective protection against cyber security attacks by requiring a second piece of information to access your secure contract repository.
A five-digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide. Users have the option to remember registered computers for thirty days.
ContractWorks offers an additional authentication option that can be used as an alternative to SMS authentication.
This process involves first installing an authentication app such as Google Authenticator on any smartphone. Upon first set-up, ContractWorks will produce a QR code that is then scanned using the authentication app. The authentication app will produce a one-time six-digit verification code which the user must enter in addition to their username and password to login into ContractWorks. This process works securely as a secret key is passed between ContractWorks and the authentication app. A new one-time secret key is used each time the user logs in. This process makes it more difficult for an outside party to gain access to a ContractWorks account by just having a username and password alone.
Administrative controls allow view-only access, which will automatically disable printing.
ContractWorks will automatically log a user off after 60 minutes of inactivity.
Personally-identifiable watermarks remind the user that information is confidential.