AWS Data Centers
Amazon Web Services (AWS) data centers are ISO 27001 certified, offer SOC 1, 2 & 3 reports, and are physically secure with protective measures that restrict ingress and egress. These measures include electronic keycards, pin codes, and biometric hand scans. Additionally, onsite security officers guard the data centers 24 hours a day, 365 days a year.
Encryption of Data
All connections are protected using TLS with a 256-bit symmetric encryption and 2048-bit authenticated key agreement. Passwords are masked with a separate salt and encrypted with Bcrypt. While at the data centers, all data remains encrypted using 256-bit AES, which is certified for use by the U.S. Government for top-secret documents.
ContractWorks automatic encrypted online backup is a key component in any disaster recovery plan as a protection against hardware failure, deletion, and natural disaster.
The ContractWorks client at the “Administrator” level is the only individual with the ability to invite other users, including inviting other administrators. When inviting users, administrators can select specific permission settings for each person invited.
Audit Trail Reporting
Audit trail reporting allows administrators to see every click registered in the system. Reports include user, date, time, and actions taken and can be exported to Excel. Administrators can also select to have an audit report automatically emailed to them on a daily basis.
Two-factor authentication offers a simple yet highly-effective protection against cyber security attacks by requiring a second piece of information to access your account. A five digit SMS code is sent to the registered phone number and is needed for access. ContractWorks’ 2FA works worldwide. Users have the option to remember registered computers for thirty days.
Protect the confidentiality of your critical documents with a customizable NDA.
Administrative controls allow view-only access, which will automatically disable printing.
ContractWorks will automatically log a user off after 60 minutes of inactivity.
Personally-identifiable watermarks remind the user that information is confidential.