With a SOC 2 Type 2 report, ContractWorks maintains its adherence to one of the most stringent, industry-accepted auditing standards for service companies and provides additional assurance to its clients, through an independent auditor, that its business process, information technology, and risk management controls are properly designed. SOC 2 audit reports focus on a Service Organization’s non-financial reporting controls as they relate to Security, Availability, Confidentiality, Processing Integrity, and Privacy, of a system.
ContractWorks leverages the power of AWS data centers, the industry leader in public cloud security. Data centers are physically secure with restricted access via keycards, pin codes, and biometrics. And onsite security officers ensure additional protection 24 hours a day, 365 days a year.
ContractWorks offers automatic encrypted online hourly backups. We store all information in multiple data centers strategically located in geographically different areas in both the United States and European Union.
All connections are secured using TLS 1.2 with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt and enforced minimums for length and complexity. While at the data centers, all data remains encrypted using 256-bit AES.
With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program - such as Microsoft Active Directory, OneLogin, or Okta - to access many of your business applications, including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords.
The ContractWorks user at the “Administrator” level is the only individual with the ability to invite others to the data repository. When inviting others, Administrators can select specific permission settings for each person invited.
Audit trail reporting allows Administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.
Multi-Factor authentication offers a simple yet highly effective protection against cyber security attacks by requiring a second piece of information to access your secure contract repository.
A five-digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide.
This process involves installing an authentication app, such as Google Authenticator on any smartphone. Upon first set-up, ContractWorks will produce a QR code that is scanned using the authentication app. The authentication app will produce a one-time six-digit verification code, which the user must enter in addition to their username and password, to log into ContractWorks. This process works securely as a secret key is passed between ContractWorks and the authentication app. A new one-time key is used each time the user logs in.
Create a single system of truth, accessible anywhere, with our cloud-based repository.
Customize reports on any data point you want and stay ahead of your obligations with milestone alerts.
Quickly find specific language and clauses with OCR and advanced search features.