Login Start Your Free Trial
SOC 2® Type 2 Compliant SOC 2® Type 2 Compliant
AWS Data Centers AWS Data Centers
Encryption of Data Encryption of Data
Single-Sign-On (SSO) Single-Sign-On (SSO)
Access Control Access Control
Audit Trail Reporting Audit Trail Reporting
Multi-Factor Authentication Multi-Factor Authentication
SOC 2® Type 2 Compliant

SOC 2® Type 2 Compliant for Security, Availability, and Confidentiality

With a SOC 2 Type 2 report, ContractWorks maintains its adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to its clients, through an independent auditor, that its business process, information technology, and risk management controls are properly designed. SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Availability, Confidentiality, Processing Integrity, and Privacy, of a system.

21972-312_SOC_NonCPA

Request a demo

Certified AWS Data Centers

ISO 27001 Certified
with SOC 1, 2, and 3 Reports

ContractWorks leverages the power of AWS data centers, the industry leader in public cloud security. Data centers are physically secure with restricted access via keycards, pin codes, and biometrics. And onsite security officers ensure additional protection 24 hours a day, 365 days a year.

ContractWorks offers automatic encrypted online hourly backups. We store all information in multiple data centers strategically located in geographically different areas in both the United States and European Union.

Request a demo

Encryption of Data

256-bit encryption of data, both in transit and at rest

All connections are secured using TLS 1.2 with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt and enforced minimums for length and complexity. While at the data centers, all data remains encrypted using 256-bit AES.

Request a demo

Single-Sign-On (SSO)

Easy, secure identity management for organizations

With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program - such as Microsoft Active Directory, OneLogin, or Okta - to access many of your business applications, including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords.

Request a demo

Access Control

Granular permission settings provide complete access control

The ContractWorks user at the “Administrator” level is the only individual with the ability to invite others to the data repository. When inviting others, Administrators can select specific permission settings for each person invited.

Request a demo

Audit Trail Reporting

Know who’s doing what in your account and when

Audit trail reporting allows Administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.

Request a demo

Multi-Factor Authentication

An additional security layer to protect your account

Multi-Factor authentication offers a simple yet highly effective protection against cyber security attacks by requiring a second piece of information to access your secure contract repository.

SMS Authentication:

A five-digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide.

Authentication App:

This process involves installing an authentication app, such as Google Authenticator on any smartphone. Upon first set-up, ContractWorks will produce a QR code that is scanned using the authentication app. The authentication app will produce a one-time six-digit verification code, which the user must enter in addition to their username and password, to log into ContractWorks. This process works securely as a secret key is passed between ContractWorks and the authentication app. A new one-time key is used each time the user logs in.

Request a demo