AWS Data Centers
Amazon Web Services (AWS) data centers are ISO 27001 certified, offer SOC 1, 2 & 3 reports, and are physically secure with protective measures that restrict ingress and egress. These measures include electronic keycards, pin codes, and biometric hand scans. Additionally, onsite security officers guard the data centers 24 hours a day, 365 days a year. Offsite backups are also included as a protection against hardware failure, theft, virus attack, deletion, and natural disaster.
ContractWorks also offers automatic encrypted online hourly backups. We store all information in multiple data centers, which are located in geographically separate locations only in the United States, as a protection against hardware failure, theft, virus attack, deletion, and natural disaster.
Encryption of Data
All connections are protected using TLS with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt. While at the data centers, all data remains encrypted using 256-bit AES, which is certified for use by the U.S. Government for top-secret documents.
SAML 2.0/Single-Sign-On (SSO)
With Single-Sign-On (SSO) using the SAML 2.0 standard, you can easily sign into one central program such as Microsoft Active Directory, OneLogin, or Okta to access many of your business applications including ContractWorks. Users can be added and removed easily and company-wide password policies can be enforced and maintained for all business applications, enhancing security. SSO removes the need for users to remember and manage multiple passwords, eliminating wasted time on resetting passwords.
The ContractWorks client at the “Administrator” level is the only individual with the ability to invite other users, including inviting other administrators. When inviting users, administrators can select specific permission settings for each person invited.
Audit Trail Reporting
Audit trail reporting allows administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.
Two-factor authentication offers a simple yet highly-effective protection against cyber security attacks by requiring a second piece of information to access your account. A five digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide. Users have the option to remember registered computers for thirty days.
Protect the confidentiality of your critical documents with a customizable NDA.
Administrative controls allow view-only access, which will automatically disable printing.
ContractWorks will automatically log a user off after 60 minutes of inactivity.
Personally-identifiable watermarks remind the user that information is confidential.