Overview
Overview

FormAssembly Inc. (FormAssembly) is committed to ensuring the confidentiality, integrity, and availability (CIA) of all sensitive information that it receives, processes, stores, and/or transmits on behalf of its Customers.

The purpose of the FormAssembly Information Security program is to ensure that sensitive data, such as all electronic protected health information (ePHI) and payment card holder data (CHD), is handled appropriately. FormAssembly intends to maintain compliance, address information security risks, and assure known breaches and disclosures are communicated in a timely and useful manner.

FormAssembly develops and operates software (the "Application" or "FormAssembly"), which is sold under the FormAssembly Inc. brand. Under this brand, FormAssembly provides FormAssembly using the Software-as-a-Service (SaaS) model.

FormAssembly provides the FormAssembly Service as a secure and compliant cloud-based application. The FormAssembly service is offered under three models:

  1. FormAssembly Professional and Premier Plans - a multi-tenant application
  2. FormAssembly Enterprise Cloud - a single-tenant option
  3. FormAssembly Compliance Cloud - a single-tenant option

Compliance
Compliance

CCPA Logo
CCPA
FedRAMP Moderate Logo
FedRAMP Moderate
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
Privacy Shield Logo
Privacy Shield
SOC 3 Logo
SOC 3
SOC 2 Logo
SOC 2
7 Documents
PCI DSS
Pentest Report
ISO 27001
PCI DSS
SOC 3
Other Policies

Risk Profile
Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective< 24 Hours
View 4 More Items

Product Security
Product Security

Role-Based Access Control
Audit Logging
Data Security
View 4 More Items

Reports
Reports

Network Diagram
PCI DSS
Pentest Report
View 1 More Item

Completed Forms
Completed Forms

HECVAT Full
SIG Lite
VSA Full

Data Security
Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
View 2 More Items

App Security
App Security

Bug Bounty
Code Analysis
Software Development Lifecycle
View 3 More Items

Access Control
Access Control

Data Access
Logging
Password Security

Infrastructure
Infrastructure

Anti-DDoS
Amazon Web Services
Infrastructure Security
View 1 More Item

Security Grades
Security Grades

Qualys SSL Labs
  • FormAssembly CC
    A
  • FormAssembly EC
    A
  • FormAssembly App
    A
  • FormAssembly Main
    A

Endpoint Security
Endpoint Security

DNS Filtering
Endpoint Detection & Response
Mobile Device Management
View 1 More Item

Network Security
Network Security

DNSSEC
Firewall
IDS/IPS
View 2 More Items

Corporate Security
Corporate Security

Email Protection
Employee Training
Incident Response
View 4 More Items

Policies
Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
View 16 More Items

If you think you may have discovered a vulnerability, please send us a note.