Welcome to the FormAssembly Trust Center Portal
This is your go-to place for everything related to security, privacy, and compliance on our platform. We know that trust matters, especially when you're handling sensitive data. That’s why we built this space to give you a clear look at how we manage and protect your information.
Here, you’ll find detailed resources like our security certifications, compliance documents, data protection policies, third-party audit reports, incident response steps, and more. It's meant to keep you informed and give you peace of mind.
Please note: Some of our policies and documents are only available to prospective and current Team, Enterprise, or Government Cloud customers. If that applies to you and you need access, please reach out to your assigned Customer Success Manager or contact our Support Team.
Documents
- Describe the encryption method used for data in-transit.
- Does your organization have a Password Policy?
- Describe the process for breach notifications.
- Has your organization completed a CAIQ questionnaire?
- Type of legal entity and state of incorporation
FormAssembly Not Affected by Compromised Axios Package
We are aware of a recently disclosed supply chain incident affecting specific versions of the widely used npm package axios.
What happened?
Certain versions of axios were found to include malicious code introduced through a compromised maintainer account.
Affected versions:
- axios@1.14.1
- axios@0.30.4
Our status
We have conducted an internal review and can confirm that FormAssembly systems and services are not affected by these compromised versions.
We continue to monitor this situation closely and will provide updates if necessary.
For more details, you may refer to:
https://semgrep.dev/blog/2026/axios-supply-chain-incident-indicators-of-compromise-and-how-to-contain-the-threat/
NPM Supply Chain Attack
FormAssembly is aware of the recent supply chain attacks involving multiple NPM packages. After conducting a thorough internal review, we can confirm that FormAssembly is not affected by any of the compromised NPM packages identified in these reports. We will continue to monitor for new developments and take all necessary steps to ensure the security and integrity of our systems.
Salesloft Drift Supply Chain Incident
We are aware of the recent security breach involving Salesloft’s Drift OAuth integration flow with Salesforce, which impacted several companies through compromised authentication tokens.
FormAssembly is not impacted by this incident.
We do not use Salesloft Drift or integrate with any Drift-based services. Our systems remain secure, and no customer data has been exposed as a result of this breach.
We continue to monitor the situation and will notify our customers if anything changes. If you have questions, our team is here to help.
FormAssembly Not Affected by Recent SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771)
We are aware of the recently disclosed vulnerabilities affecting Microsoft SharePoint (CVE-2025-53770 and CVE-2025-53771). We want to assure our customers and partners that FormAssembly is not affected by these issues.
These vulnerabilities apply only to on-premises versions of Microsoft SharePoint. At FormAssembly, we exclusively use Microsoft 365 SharePoint Online for our Connectors, which is not impacted by these CVEs.
We remain committed to closely monitoring all security advisories and ensuring our platform and connectors continue to meet industry best practices.
If you have further questions or concerns, please don't hesitate to reach out to our security team via security@formassembly.com.
SOC 2 Type 2 Report
FormAssembly's controls are assessed by A-LIGN, who specialize in compliance across multiple industries, on an annual basis.
FormAssembly annually performs a SOC-2 Type-2 assessment. Our most recently available report covers the period from December 1, 2023 to May 31, 2024. An updated review period is scheduled with our auditors, and we expect an updated report to be available in mid-2023.
The SOC 2 report includes management’s description of FormAssembly’s trust services and controls as well as A-LIGN’s opinion of FormAssembly’s system design. You can find it under the Reports section of this Security Portal.
We maintain a SOC 2 Type 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers upon request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security.
The scope of this report covers controls supporting the FormAssembly App and Enterprise/Compliance plans.








