Overview
For Access, Must Be On: Team, Enterprise, or Government Cloud
FormAssembly is a web-based application that is offered as a SaaS solution. Data and the type of data to be collected depends on the company using the service to collect it. FormAssembly is an all remote workforce and has been since the inception of FormAssembly in 2006. The place of business is located in the United States, with billing addresses in Bloomington, Indiana. FormAssembly is utilizing AWS Availability Zones (AZ) worldwide to fit the needs of customers. This ensures that the collection of data that is collected stays in the region that is most applicable to customers.
Compliance






Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Data Privacy
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades

Knowledge Base
- Are the policies and procedures reviewed and updated at least annually?
- Are business continuity management and operational resilience policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?
- Are application security policies and procedures reviewed and updated at least annually?
- Are application security policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained to guide appropriate planning, delivery, and support of the organization's application security capabilities?
- Is compliance verified regarding all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit?
Trust Center Updates
The following policies had be updated and added back to the security portal:
- Access Control
- Breach Investigation and Notification (BIN)
- Compliance Audits and Communications
- Data/Media Management
- Encryption
- Information Security
- Mobile Device Security and Media Management
- Risk Management and Risk Assessment
- Secure Software Development and Product Security
- System Audits, Monitoring and Assessments
- Third Party Security
- Threat Detection and Prevention
- Vulnerability Management
The following policies had be updated and added back to the security portal:
- Business Continuity and Disaster Recovery
- Business Continuity and Disaster Recovery Plan
- Incident Response Policy
Version 4.04 of CAIQ Security Questionnaire has been uploaded and is ready for download.
HECVAT Lite Version 3.03 is now in the FormAssembly Customer Trust Portal
Version 3.03 of Higher Education Community Vendor Assessment Toolkit has been uploaded and is ready for download.
FormAssembly's ISO 27001 Surveillance Assessment Year 2 Final Report is now available to request and download.
FormAssembly's SOC 2 Type 2 Report is now available to request and download.
If you need help using this portal, please contact our Cybersecurity Risk team.
If you think you may have discovered a vulnerability, please send us a note.