Enterprise-Grade Contract Security & Compliance

Contracts are business-critical documents, so it’s important that your contract management system protects your documents while they’re being created, edited, stored, and processed.

Security-conscious organizations like Mastercard, L’Oréal, and Cisco rely on Ironclad to power their agreements. Here’s how we ensure enterprise-level security for all our customers.

Request Demo Contact Security
Ironclad Security Badge

Compliance & certifications


Ironclads’s GDPR compliance program includes Standard Contractual Clauses in conjunction with its Data Processing Addendum. We also comply with US HIPAA to keep PII and PHI data safe. 

Links to our Privacy Policy, Terms of Service, Data Processing Addendum, CA Privacy notice, and Cookie Policy can be found at

SOC 1 & SOC 2 Type II

Routine audits to receive a certified 3rd party SOC 1 & SOC 2 Type II report. We certify against multiple Trust Categories which include security, availability, confidentiality, and privacy.

ISO 27001/17/18

Ironclad leverages public cloud providers for all data center operations. All of our public cloud vendors are certified under SOC 2, ISO 27001, and PCI DSS. We leverage multiple data center regions from our providers to provide the most reliable and security services while providing the necessary data residency requirements.

CSA Trusted Provider

Ironclad is a member of the Cloud Security Alliance (CSA), which strives to make security in the cloud better for all SaaS products and services. Our security team participates in monthly and annual security calls with the CSA to help with industry best practices and guidance towards a more secure cloud environment for all customers.

We offer a public Consensus Assessments Initiative Questionnaire (CAIQ) which is downloadable via the CSA website.

Business continuity and disaster planning

In the event of a disaster, Ironclad maintains a Disaster Recovery Program to ensure all services are recoverable from multiple scenarios. All disaster recovery procedures are tested on a semi-annual basis and we update our Business Continuity Planning (BCP) documentation annually to adapt to any changes within our products or business processes. 

Ironclad strives to maintain all contractual objectives for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).

Request certification documents via our security portal

Ironclad strives to be the #1 trusted partner in contract management.

For our Acceptable Use Policy, Business Continuity Plan, Change Management documentation, Cybersecurity Policy, Formal Risk Assessment Guidelines and Risk, or other documentation, please reach out to your sales or customer success representative.

Report any issues to

Request Demo Contact Security