Customer Trust

Overview

For Access, Must Be On: Team, Enterprise, or Government Cloud

FormAssembly is a web-based application that is offered as a SaaS solution. Data and the type of data to be collected depends on the company using the service to collect it. FormAssembly is an all remote workforce and has been since the inception of FormAssembly in 2006. The place of business is located in the United States, with billing addresses in Bloomington, Indiana. FormAssembly is utilizing AWS Availability Zones (AZ) worldwide to fit the needs of customers. This ensures that the collection of data that is collected stays in the region that is most applicable to customers.

Compliance

FedRAMP Moderate

GDPR

ISO 27001

ISO 27001 SoA

PCI DSS

SOC 2

Visa Service Provider

FormAssembly is reviewed and trusted by

Aetna

Boston Medical Center

CVS Health

Epic Games

Harvard Business School

UnitedHealth Group

Documents

All

Public

Private

Pentest Reports

ISO 27001

PCI DSS

SOC 2

Cyber Insurance

ISO 27001 Report

Network Diagram

PCI DSS

ISO 27001 SoA

CAIQ STAR Security Questionnaire

HECVAT Full

HECVAT Lite

OWASP Questionnaire

SIG Lite

VSA Full

Access Control Policy

Asset Management Policy

Breach Investigation and Notification (BIN) Policy

Business Continuity and Disaster Recovery

Change Management

Compliance Audits and Communications

Data/Media Management Policy

Encryption Policy

HR & Personnel Security Policy

Incident Response Policy

Information Security Policy

Mobile Device Security and Media Management

Other ISO/IEC 27001 Documents

Risk Management and Risk Assessment

Secure Software Development and Product Security

System Audits, Monitoring and Assessments

Third Party Security Policy

Third Party Security, Vendor Risk Management

Threat Detection and Prevention Policy

Vulnerability Management

Accessibility Conformance Report

Code of Conduct

Disaster Recovery Test

Information Security Organization Chart

Risk Profile

Data Access LevelRestricted

Impact LevelModerate

Recovery Time Objective< 24 Hours

Product Security

Audit Logging

Data Security

Integrations

Reports

ISO 27001 Report

Network Diagram

PCI DSS

Self-Assessments

CAIQ STAR Security Questionnaire

HECVAT Full

HECVAT Lite

Data Security

Access Monitoring

Backups Enabled

Data Centers & Physical Security

App Security

Responsible Disclosure

Bot Detection

Code Analysis

Legal

Subprocessors

Cyber Insurance

Data Privacy

Data Breach Notifications

Data Privacy Officer

Access Control

Data Access

Logging

Password Security

Infrastructure

Status Monitoring

Amazon Web Services

Anti-DDoS

Endpoint Security

Disk Encryption

DNS Filtering

Endpoint Detection & Response

Network Security

Data Loss Prevention

DNSSEC

Firewall

Corporate Security

Asset Management Practices

Email Protection

Employee Training

Policies

Access Control Policy

Asset Management Policy

Breach Investigation and Notification (BIN) Policy

Security Grades

SecurityScorecard

FormAssembly App

HSTS Preload List

FormAssembly App

ImmuniWeb

FormAssembly CC

FormAssembly EC

FormAssembly App

Knowledge Base

Are the policies and procedures reviewed and updated at least annually?
Are business continuity management and operational resilience policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained?
Are application security policies and procedures reviewed and updated at least annually?
Are application security policies and procedures established, documented, approved, communicated, applied, evaluated, and maintained to guide appropriate planning, delivery, and support of the organization's application security capabilities?
Is compliance verified regarding all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit?

Trust Center Updates

Updated Policies Added

ComplianceCopy link

The following policies had be updated and added back to the security portal:

Access Control
Breach Investigation and Notification (BIN)
Compliance Audits and Communications
Data/Media Management
Encryption
Information Security
Mobile Device Security and Media Management
Risk Management and Risk Assessment
Secure Software Development and Product Security
System Audits, Monitoring and Assessments
Third Party Security
Threat Detection and Prevention
Vulnerability Management

Published at N/A

The following policies had be updated and added back to the security portal:

Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Plan
Incident Response Policy

Published at N/A

Version 4.04 of CAIQ Security Questionnaire

ComplianceCopy link

Version 4.04 of CAIQ Security Questionnaire has been uploaded and is ready for download.

Published at N/A

Version 3.03 of Higher Education Community Vendor Assessment Toolkit

ComplianceCopy link

HECVAT Lite Version 3.03 is now in the FormAssembly Customer Trust Portal

Published at N/A

Version 3.03 of Higher Education Community Vendor Assessment Toolkit has been uploaded and is ready for download.

Published at N/A

ISO 27001 Surveillance Assessment Year 2 Final Report

ComplianceCopy link

FormAssembly's ISO 27001 Surveillance Assessment Year 2 Final Report is now available to request and download.

Published at N/A

FormAssembly SOC 2 Type 2 Report

ComplianceCopy link

FormAssembly's SOC 2 Type 2 Report is now available to request and download.

Published at N/A

If you need help using this portal, please contact our Cybersecurity Risk team.

Contact Support

If you think you may have discovered a vulnerability, please send us a note.

Report Issue