Security
Enterprise-Grade Contract Security & Compliance
Contracts are business-critical documents, so it’s important that your contract management system protects your documents while they’re being created, edited, stored, and processed.
Security-conscious organizations like Fitbit, L’Oréal, and Staples rely on Ironclad to power their agreements. Here’s how we ensure enterprise-level security for all our customers.
Data Encryption & Infrastructure
Encryption. Encryption of all data in transit (using TLS 1.2 or higher) and at rest (through AES-256).
Cloud-based deployment. Ironclad uses the US-hosted Google Cloud Platform for production servers and operates in multiple zones to create robustness against outages.
Cybersecurity & Operational Security
Penetration testing. Ironclad conducts annual penetration testing and quarterly vulnerability testing to proactively identify and remediate any security vulnerabilities in the Ironclad system.
Operational security. Ironclad’s operational security policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other risk mitigation measures. These may be provided upon request.
Industry-Leading Contract Security
Third-party review. Security Scorecard graded us highest among our competitors.
Policies & Certifications
Security Certifications
Ironclad has been SOC 2, Type II certified since 2017.
Data Retention Policy
Ironclad’s physical and electronic records data retention policies ensure that records that are no longer needed by Ironclad or are of no value are deleted at regular intervals.
GDPR Compliance
Ironclad’s GDPR compliance program include Standard Contractual Clauses in conjunction with its Data Processing Addendum.
User Permission Management
Ironclad operates according to the principle of least privilege and conducts regular checks to ensure that Ironclad personnel are only granted the permissions they need to conduct their job functions.