Enterprise-Grade Contract Security & Compliance
Contracts are business-critical documents, so it’s important that your contract management system protects your documents while they’re being created, edited, stored, and processed.
Security-conscious organizations like Mastercard, L’Oréal, and Cisco rely on Ironclad to power their agreements. Here’s how we ensure enterprise-level security for all our customers.
Industry-leading contract security
Data encryption & infrastructure
Encryption. Encryption of all data in transit (using TLS 1.2 or higher) and at rest (through AES-256).
Cloud-based deployment. Ironclad uses the US-hosted Google Cloud Platform for production servers and operates in multiple zones to protect against outages.
Cybersecurity & operational security
Ironclad conducts annual penetration testing and quarterly vulnerability testing to proactively identify and remediate any security vulnerabilities in the Ironclad system.
Ironclad’s operational security policies cover IT assets, access controls, internet access, antivirus, remote access, and other risk mitigation measures. These will be provided upon request.
Compliance & certifications
GDPR & HIPAA
Ironclad’s GDPR compliance program includes Standard Contractual Clauses in conjunction with its Data Processing Addendum. We also comply with US HIPAA to keep PII and PHI data safe.
SOC 1 & SOC 2 Type II
Ironclad undergoes routine audits to receive a certified third-party SOC 1 & SOC 2 Type II report. We certify against multiple Trust Categories, which include security, availability, confidentiality, and privacy.
Ironclad leverages public cloud providers for all data center operations. All of our public cloud vendors are certified under SOC 2, ISO 27001, PCI DSS, and FedRAMP. We leverage multiple data center regions from our providers to provide the most reliable and secure services while meeting the necessary data residency requirements.
CSA Trusted Provider
Ironclad is a member of the Cloud Security Alliance (CSA), which strives to make security in the cloud better for all SaaS products and services. Our security team participates in monthly and annual security calls with the CSA to help with industry best practices and guidance towards a more secure cloud environment for all customers.
We offer a public Consensus Assessments Initiative Questionnaire (CAIQ) which is downloadable via the CSA website.
Business continuity and disaster planning
In the event of a disaster, Ironclad maintains a Disaster Recovery Program to ensure all services are recoverable from multiple scenarios. All disaster recovery procedures are tested on a semi-annual basis and we update our Business Continuity Planning (BCP) documentation annually to adapt to any changes within our products or business processes.
Ironclad strives to maintain all contractual objectives for Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
Ironclad strives to be the #1 trusted partner in contract management.
For our Acceptable Use Policy, Business Continuity Plan, Change Management documentation, Cybersecurity Policy, Formal Risk Assessment Guidelines and Risk, or other documentation, please reach out to your sales or customer success representative.
Report any issues to firstname.lastname@example.org