Is my data safe and secure with ContractZen?

All contract documents and attachments are encrypted using RSA 256 encryption, and the connection to the ContractZen service is always encrypted using Symantec SHA 256 RSA SSL with extended validation.
ContractZen runs on Microsoft’s Azure cloud computing platform. Azure servers are located in the Netherlands, where strong EU data privacy laws apply.

Read more about Microsoft Azure Security.

More details on ContractZen & Microsoft Azure Security

Customer data security and privacy are of paramount importance for ContractZen. Because ContractZen is a contract management solution, everything related to information security is central to the product. The security of the solution is ensured on many levels, from regulatory requirements to architecture and the solution’s physical security.

The following sections describe the steps taken to ensure the security of the solution.

DESIGN SECURITY 

The security of the ContractZen solution starts with a secure technology foundation. The solution has been designed with security in mind from the ground up. All outward-facing interfaces are hardened against attacks, and Microsoft Azure assists with protection and mitigation in any situation. The Azure platform is continuously updated, which also reduces the security risk from unpatched vulnerabilities on the platform.

The ContractZen solution has been developed following the Microsoft Azure best-practice guidelines as well as Microsoft’s web application architecture guidelines. Following these guidelines ensures that Microsoft’s global incident response teams are able to mitigate the effects of any attack on the security of the ContractZen solution as a whole.

No payment card data is held by ContractZen, as all of the payment card data processing is subcontracted to Stripe, a PCI-DSS-certified payment card processing vendor. 

DEVELOPMENT SECURITY

During the development cycle the Secure Development Lifecycle is followed. This is a mandatory development process that embeds security requirements into every phase of development. Application development takes the OWASP Top 10 vulnerabilities into consideration and mitigates their possible effects.

An incident ticketing system is used, and all tickets that might have security implications are tagged. All tagged tickets require validation from the person responsible for security before they can be closed.

CLOUD SECURITY 

The health of the ContractZen solution is monitored with a centralized monitoring system that provides continuous visibility into the status of the system. The system alerts management teams in case of incidents.

Microsoft Azure offers automatic antimalware protection for cloud services and uses detection and mitigation techniques to protect against DDoS attacks.

All network connections are authenticated and logged and no unauthorized access is allowed.

DATA SECURITY

ContractZen runs on Microsoft’s Azure cloud computing platform. Azure servers are located in the Netherlands, where strong EU data privacy laws apply. Microsoft Cloud meets key international and industry-specific compliance standards, such as ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1 and SOC 2. Microsoft also meets regional and country-specific standards and contractual commitments, including the EU Model Clauses, UK G-Cloud, Singapore MTCS, and Australia CCSL (IRAP). Read more about Microsoft Azure Security.

The SQL database uses the Azure SQL Database built-in Transparent Data Encryption, which uses AES-256 symmetric encryption to encrypt all data files. (Read more on TDE: https://blogs.msdn.microsoft.com/sqlsecurity/2016/10/05/feature-spotlight-transparent-data-encryption-tde/).

The Azure Cosmos DB NoSQL database is encrypted at rest by default using AES-256. (Read more: https://docs.microsoft.com/en-us/azure/cosmos-db/database-encryption-at-rest).

All connections to both databases are also encrypted in transit with TLS (Transport Layer Security, the same protocol used when accessing any website over HTTPS).

Files uploaded by users are stored in Azure Storage, where encryption at rest is enabled, also using AES-256. In addition, the files are encrypted with AES before upload, using keys that are specific to the user’s organization.
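The two-layer protection described above (platform encryption at rest underneath application-side AES encryption under organization-specific keys) can be sketched in code. This is an added example, not ContractZen's own code; it assumes a hypothetical per-organization master key held outside the storage account and uses HMAC-SHA256 as a simplified stand-in for a key-derivation function.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// fileAEAD returns AES-256-GCM keyed per organization and per file. The key is
// HMAC-SHA256(orgMasterKey, fileID), a simplified KDF assumed for this example.
func fileAEAD(orgMasterKey []byte, fileID string) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, orgMasterKey)
	mac.Write([]byte("file-key:" + fileID))
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte HMAC output is always a valid AES-256 key
	return cipher.NewGCM(block)
}

// sealFile encrypts a document before upload; blob = nonce || ciphertext+tag.
// The file ID is bound as associated data so a stored blob cannot be re-labelled.
func sealFile(orgMasterKey []byte, fileID string, plaintext []byte) ([]byte, error) {
	gcm, err := fileAEAD(orgMasterKey, fileID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(fileID)), nil
}

// openFile decrypts a downloaded blob; another organization's key, a changed file ID or a modified byte all fail authentication.
func openFile(orgMasterKey []byte, fileID string, blob []byte) ([]byte, error) {
	gcm, err := fileAEAD(orgMasterKey, fileID)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(blob) < n {
		return nil, fmt.Errorf("blob of %d bytes is shorter than the %d-byte nonce", len(blob), n)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(fileID))
}

func main() {
	blob, _ := sealFile(make([]byte, 32), "contract-42.pdf", []byte("constructed contract bytes")) // constructed demo key and content
	fmt.Println(len(blob)) // 12-byte nonce + plaintext + 16-byte GCM tag
}
```

The storage layer only ever receives the sealed blob, so Azure's own AES-256 at rest protects ciphertext rather than the document, and a key belonging to a different organization fails authentication instead of yielding a readable file.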

BACKUP AND DISASTER RECOVERY

All data on the platform is stored across multiple redundant hardware clusters and geo-replicated to an additional data center region to ensure continuity of services. Data is continuously backed up to enable point-in-time restores. The data is backed up to minimize data loss even if there’s a natural disaster. Azure cloud services enable the recovery to a different site.
