SOC 2® Type 2 Compliant
SOC 2® Type 2 Compliant for Security, Availability, and Confidentiality
With a SOC 2 Type 2 report, ContractWorks maintains its adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to its clients, through an independent auditor, that its business process, information technology, and risk management controls are properly designed. SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Availability, Confidentiality, Processing Integrity, and Privacy, of a system.
Certified AWS Data Centers
ISO 27001 Certified
with SOC 1, 2, and 3 Reports
ContractWorks leverages the power of AWS data centers, the industry leader in public cloud security. Data centers are physically secure with restricted access via keycards, pin codes, and biometrics. And onsite security officers ensure additional protection 24 hours a day, 365 days a year.
ContractWorks offers automatic encrypted online hourly backups. We store all information in multiple data centers strategically located in geographically different areas in both the United States and European Union.
Encryption of Data
256-bit encryption of data, both in transit and at rest
All connections are secured using TLS 1.2 with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt and enforced minimums for length and complexity. While at the data centers, all data remains encrypted using 256-bit AES.
Single-Sign-On (SSO)
Easy, secure identity management for organizations
With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program - such as Microsoft Active Directory, OneLogin, or Okta - to access many of your business applications, including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords.
Access Control
Granular permission settings provide complete access control
The ContractWorks user at the “Administrator” level is the only individual with the ability to invite others to the data repository. When inviting others, Administrators can select specific permission settings for each person invited.
Audit Trail Reporting
Know who’s doing what in your account and when
Audit trail reporting allows Administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.
Multi-Factor Authentication
An additional security layer to protect your account
Multi-Factor authentication offers a simple yet highly effective protection against cyber security attacks by requiring a second piece of information to access your secure contract repository.
SMS Authentication:
A five-digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide.
Authentication App:
This process involves installing an authentication app, such as Google Authenticator on any smartphone. Upon first set-up, ContractWorks will produce a QR code that is scanned using the authentication app. The authentication app will produce a one-time six-digit verification code, which the user must enter in addition to their username and password, to log into ContractWorks. This process works securely as a secret key is passed between ContractWorks and the authentication app. A new one-time key is used each time the user logs in.
Download Security Specifications PDF
If you want more information on our security or would like to share this information, please download our security documentation.
Additional Security Features
Designed with your contract security in mind
Watermarks
Personally-identifiable watermarks remind the user that the information is confidential to reduce the risk of accidental sharing.
View-Only Access
Administrative controls allow view-only access, which will automatically disable printing.
No Backend Access to Data
Unlike many other solutions, ContractWorks never has backend access to your data.
Features
Explore more ContractWorks features
Know What to Look For
The Buyer's Guide to Contract Management Software
There are hundreds of contract management solutions on the market. Download our guide to quickly determine which one is the best fit for your needs.
Download See All ResourcesAffordable Contract Management Software Pricing
ContractWorks offers low, transparent pricing at three different levels, affordable for businesses of all sizes.
Includes unlimited users, 2,500 documents, and 5 electronic signature licenses.
Includes unlimited users, 10,000 documents, and 10 electronic signature licenses.
Includes drafting, redlining, and workflows for companies looking to scale to a full CLM.