Our customers must be absolutely guaranteed that they are the ONLY ones who can access and view their contract information. We take every precaution possible to make sure that’s the case, including:
Customer data is critical to Contract Logix. Every customer has their own secure, physically separated data to ensure data is never co-mingled between customers. Our distributed model helps to ensure enterprise-class security and scalability, while improving data-level performance and encryption efficiencies.
Contract Logix was designed with data privacy in mind and takes no chances with customer-owned data. Customer data is encrypted at rest using AES 256-bit encryption.
To ensure customer data remains secure during transfer between our customers and the Contract Logix services, Contract Logix uses TLS 1.2 (Transport Layer Security) encryption.
As part of industry best practices, data encryption keys are stored and managed securely in Microsoft’s Azure Key Vault. Applications have no direct access to the keys used, which helps increase security and control over keys. Microsoft Azure Key Vault uses FIPS 140-2 Level 2 validated Hardware Security Modules (HSMs). For more information, please see Microsoft Azure’s Key Vault page.
Contract Logix provides the application and service-level controls customers need to support their data retention and archive policies. Customers can set their requirements or policies around how their data should be retained and archived. Further, only users with the appropriate role-based permissions can restore data directly in the application.
Contract Logix maintains customer data using industry best practices. This includes providing customers with industry-leading, real-time back-ups. All back-ups are encrypted using AES 256-bit encryption at rest for security purposes.
Data destruction policies ensure all customer data is destroyed and sanitized according to the retention needs of each customer throughout all phases of implementation or the contract terms.
All Contract Logix employees are required to go through detailed background checks and to complete mandatory security and policy training.
Contract Logix’ Secure Software Development Life Cycle (S-SDLC) integrates our development process with a “security-first” approach. From the outset of a new project, consideration for security protocols, design/product reviews, and security awareness training is required. Additionally, Contract Logix uses third-party enterprise application security platforms (Qualys and Microsoft App Insights) to continuously monitor the live production sites and to identify any vulnerabilities in the application. These systems assess technical vulnerabilities, including those on the Open Web Application Security Project’s (OWASP) Top 10 list.
Qualified in-house personnel perform source code reviews on an ongoing basis.
Third-party penetration testing is performed prior to every major release, with all critical and high-level issues resolved prior to the release itself. Penetration testing is performed not less than two times annually or as required by major release schedules.
Contract Logix allows customer IT administrators to set mandatory employee password policies and to leverage account lockouts after failed logins. Mandatory password requirements greatly reduce the exploitation of default user credentials and/or roles. Account lockouts prevent brute force attacks by immediately locking out the access point (AP) after multiple failed login attempts. Once these policies are set up, customer administrators can monitor user access and logs.
Contract Logix’ fully managed SaaS solutions remove common IT barriers and reduce infrastructure hardware, software and management costs. As a complete end-to-end solution, Contract Logix uses the latest technologies offering organizations a highly secure, ultra-redundant environment for their critical data and applications. Organizations can easily access information from anywhere using a standard web browser. Fast, reliable performance, high security, and low costs mean you can start leveraging your new software across your entire enterprise – quickly and affordably!