Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

Overview

FormAssembly Inc. (FormAssembly) is committed to ensuring the confidentiality, integrity, and availability (CIA) of all sensitive information that it receives, processes, stores, and/or transmits on behalf of its Customers.

The purpose of the FormAssembly Information Security program is to ensure that sensitive data, such as all electronic protected health information (ePHI) and payment card holder data (CHD), is handled appropriately. FormAssembly intends to maintain compliance, address information security risks, and assure known breaches and disclosures are communicated in a timely and useful manner.

FormAssembly develops and operates software (the "Application" or "FormAssembly"), which is sold under the FormAssembly Inc. brand. Under this brand, FormAssembly provides FormAssembly using the Software-as-a-Service (SaaS) model.

FormAssembly provides the FormAssembly Service as a secure and compliant cloud-based application. The FormAssembly service is offered under three models:

  1. FormAssembly Professional and Premier Plans - a multi-tenant application
  2. FormAssembly Enterprise Cloud - a single-tenant option
  3. FormAssembly Compliance Cloud - a single-tenant option

Compliance

FedRAMP Moderate Logo
FedRAMP Moderate
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
PCI DSS Logo
PCI DSS
Privacy Shield Logo
Privacy Shield
SOC 3 Logo
SOC 3
SOC 2 Logo
SOC 2
Get full access to this Security Portal
  • Review all security details
  • Unlock documents
  • Submit security questionnaires
  • Ask for more information
Had access before? Reclaim access

FormAssembly is reviewed and trusted by

Ace HardwareAce Hardware
AetnaAetna
American Psychological AssociationAmerican Psychological Association
Boston Medical CenterBoston Medical Center
Charles Koch InstituteCharles Koch Institute
City and County of DenverCity and County of Denver
City of TorontoCity of Toronto
Council on AccreditationCouncil on Accreditation
CVS HealthCVS Health
Epic GamesEpic Games
Fidelity InvestmentsFidelity Investments
GE AppliancesGE Appliances
Guide Dogs for the BlindGuide Dogs for the Blind
Habitat for HumanityHabitat for Humanity
Harvard Business SchoolHarvard Business School
Jewish Community FederationJewish Community Federation
Jewish Vocational ServiceJewish Vocational Service
Johnson & JohnsonJohnson & Johnson
LendingTreeLendingTree
Marriott InternationalMarriott International
Massachusetts General HospitalMassachusetts General Hospital
The Michael J. Fox Foundation for Parkinson's ResearchThe Michael J. Fox Foundation for Parkinson's Research
NAACPNAACP
Muscular Dystrophy AssociationMuscular Dystrophy Association
National Psoriasis FoundationNational Psoriasis Foundation
National Safety CouncilNational Safety Council
New York Institute of TechnologyNew York Institute of Technology
Palantir TechnologiesPalantir Technologies
Paralyzed Veterans of AmericaParalyzed Veterans of America
PearsonPearson
Quicken LoansQuicken Loans
PwCPwC
QualTekQualTek
Rapid7Rapid7
Sandy Hook PromiseSandy Hook Promise
Sierra ClubSierra Club
Stanford UniversityStanford University
Teach For AmericaTeach For America
The College BoardThe College Board
TreehouseTreehouse
UnitedHealth GroupUnitedHealth Group
ZocdocZocdoc

Documents

All
Public
Private
9 Documents
Network Diagram
PCI DSS
Pentest Report
ISO 27001
PCI DSS
SOC 3
HECVAT Full
Other Policies

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective< 24 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Data Security
See more

Reports

Network Diagram
PCI DSS
Pentest Report
See more

Completed Forms

HECVAT Full

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Bot Detection
Bug Bounty
Code Analysis
See more

Legal

Cyber Insurance
Data Processing Agreement
Master Services Agreement
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
BC/DR
See more

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
See more

Network Security

Data Loss Prevention
DNSSEC
Firewall
See more

Corporate Security

Email Protection
Employee Training
HR Security
See more

Policies

Acceptable Use Policy
Access Control Policy
Anti-Malicious Software Policy
See more

Security Grades

Qualys SSL Labs
FormAssembly CC
A
FormAssembly EC
A
FormAssembly App
A
FormAssembly Main
A

Trust Center Updates

Okta LAPSUS$ Update

Published at 04/22/2022, 10:20 PM

As Okta first became aware that the threat actor had successfully taken screenshots on March 21, 2022, Okta responded with transparency, sharing what Okta knew at the time. On March 22, 2022, Okta began notifying the maximum number of potentially impacted customers, which Okta scoped by examining all of the access performed by all Sitel employees to the SuperUser application during the 5-day window. Okta has shared logs from the SuperUser app with each of those customers, and held meetings that included Okta Security staff to help customers understand their log data.

How is FormAssembly responding to this news?

There was no impact to FormAssembly customers.

Okta LAPSUS$

Published at 03/28/2022, 2:59 PM

Okta in the news

In March 2022, a threat actor known as LAPSUS$ claimed to have compromised Okta, a company FormAssembly and many of our peers use for authentication of third-party apps internally.

How is FormAssembly responding to this news?

We take the security and safety of our company and our platform seriously. We have not identified any impact to FormAssembly. We will continue to actively monitor our systems and take the necessary actions in order to keep our community safe.

If you think you may have discovered a vulnerability, please send us a note.

Report Issue