Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

FormAssembly is a web-based data collection application that is offered as a SaaS solution.

The FormAssembly service is offered under three models:

  1. FormAssembly Professional and Premier Plans - a multi-tenant application
  2. FormAssembly Enterprise Cloud - a single-tenant option
  3. FormAssembly Compliance Cloud - a single-tenant option

Compliance

CCPA Logo
CCPA
FedRAMP Moderate Logo
FedRAMP Moderate
GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

FormAssembly is reviewed and trusted by

AetnaAetna
American Psychological AssociationAmerican Psychological Association
Boston Medical CenterBoston Medical Center
Charles Koch InstituteCharles Koch Institute
City of TorontoCity of Toronto
CVS HealthCVS Health
Epic GamesEpic Games
Fidelity InvestmentsFidelity Investments
Habitat for HumanityHabitat for Humanity
Harvard Business SchoolHarvard Business School
LendingTreeLendingTree
NAACPNAACP
UnitedHealth GroupUnitedHealth Group

Documents

13 Documents
Network Diagram
PCI DSS
Pentest Report
ISO 27001
ISO 27001 SoA
PCI DSS
SOC 2
HECVAT Full
SIG Lite
VSA Full
Other Policies

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective< 24 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Diagram
PCI DSS
Pentest Report
See more

Self-Assessments

HECVAT Full
SIG Lite
VSA Full

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Bug Bounty
Code Analysis
See more

Legal

SubprocessorsWordPressClearbitMarketoGoogleSalesforce
Cyber Insurance
Privacy Policy
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
BC/DR
See more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
See more

Network Security

Data Loss Prevention
DNSSEC
Firewall
See more

Corporate Security

Email Protection
Employee Training
HR Security
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

Security Grades

Qualys SSL Labs
FormAssembly CC
A
FormAssembly EC
A
FormAssembly App
A

Trust Center Updates

Okta LAPSUS$ Update

Published at 04/22/2022, 10:20 PM

As Okta first became aware that the threat actor had successfully taken screenshots on March 21, 2022, Okta responded with transparency, sharing what Okta knew at the time. On March 22, 2022, Okta began notifying the maximum number of potentially impacted customers, which Okta scoped by examining all of the access performed by all Sitel employees to the SuperUser application during the 5-day window. Okta has shared logs from the SuperUser app with each of those customers, and held meetings that included Okta Security staff to help customers understand their log data.

How is FormAssembly responding to this news?

There was no impact to FormAssembly customers.

Okta LAPSUS$

Published at 03/28/2022, 2:59 PM

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company FormAssembly and many of our peers use for authentication of third-party apps internally.

How is FormAssembly responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to FormAssembly. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

If you think you may have discovered a vulnerability, please send us a note.

Report Issue