Trust

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

For Access, Must Be On: Team, Enterprise, or Government Cloud

FormAssembly is a web-based application that is offered as a SaaS solution. Data and the type of data to be collected depends on the company using the service to collect it.

NOTE: We only perform evidence gathering for official attestations like SOC 2, ISO 27001, and etc.

Aetna-company-logoAetna
Boston Medical Center-company-logoBoston Medical Center
CVS Health-company-logoCVS Health
Epic Games-company-logoEpic Games
Harvard Business School-company-logoHarvard Business School
UnitedHealth Group-company-logoUnitedHealth Group
Pentest Reports

Knowledge Base (FAQ)

    Is your organization compliant with SOC 2?
    Does your organization have a Vulnerability and Patch Management Policy?
    Does your organization have a Third-Party Personnel Policy?
    Does your organization have a Software Development Lifecycle Policy?
    Does your organization have a Risk Management Policy?
View more

Trust Updates

CVE-2024-6387 - The regreSSHion Bug - We are not affected.

VulnerabilitiesCopy link

What is CVE-2024-6387?

CVE-2024-6387 is a recently discovered vulnerability affecting certain operating systems. This vulnerability has the potential to compromise the security and integrity of systems running the affected OS versions.

Our Security Stance

We are pleased to inform you that our systems are not vulnerable to CVE-2024-6387. Here’s why:
  • Non-Affected Operating Systems: Our operational systems run on OS versions that are not impacted by CVE-2024-6387. We do not use any of the operating systems listed as vulnerable in this CVE report.
  • Proactive Security Measures: Our security team continuously monitors and evaluates potential threats. We ensure that our systems are updated and patched regularly to mitigate any emerging vulnerabilities.
  • Robust Security Protocols: In addition to avoiding vulnerable OS versions, we have implemented multiple layers of security protocols and measures to protect our systems and data.

References:

Published at N/A

SOC 2 Type 2 Report

ComplianceCopy link

FormAssembly's controls are assessed by A-LIGN, who specialize in compliance across multiple industries, on an annual basis.

FormAssembly annually performs a SOC-2 Type-2 assessment. Our most recently available report covers from December 1, 2023 - May 31, 2024. An updated review period is scheduled with our auditors, and we expect an updated report to be available in mid-2023.

The SOC 2 report includes management’s description of FormAssembly’s trust services and controls as well as A-LIGN’s opinion of FormAssembly’s system design. You can find it under the Reports section of this Security Portal.

We maintain a SOC 2 Type 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers upon request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security.

The scope of this report covers controls supporting the FormAssembly App and Enterprise/Compliance plans.

Published at N/A

2024 Penetration Test Report

GeneralCopy link

TX-RAMP - Level 2 Certification for Customers in Texas that require TX-RAMP.

ComplianceCopy link

We are thrilled to announce that FormAssembly has successfully achieved TX-RAMP Level 2 Certification for Texas Enterprise Customers. This significant milestone underscores our unwavering commitment to providing top-tier security and compliance measures to safeguard your data.

What does this mean for you?

  • Enhanced Security: With TX-RAMP Level 2 Certification, FormAssembly reinforces its dedication to maintaining the highest standards of security protocols, ensuring the protection of your sensitive information.
  • Compliance Assurance: By meeting the stringent requirements of TX-RAMP Level 2, FormAssembly guarantees compliance with industry regulations, giving you peace of mind when handling confidential data.
  • Continued Trust: Our commitment to security and compliance reaffirms our dedication to earning and maintaining your trust as a valued partner.

We are proud to offer our enterprise customers an elevated level of assurance and protection through our TX-RAMP Level 2 Certification. As always, we remain committed to providing innovative solutions and exceptional service to meet your evolving needs.

Thank you for choosing FormAssembly as your trusted data collection and management platform.

TX-RAMP Level 2 Certification Letter: https://security.formassembly.com/?itemUid=6748f6b3-4d5a-4c99-b363-396357e04de2&source=title

  • TX-RAMP: TX1004899
  • Level: Level 2 Certification
  • Category: SaaS
  • Expiration: 03/13/2027
Published at N/A*

Updated Policies

ComplianceCopy link

First Batch of Updated Policies

  • Access and Personnel Security Policy
  • Asset Management Policy
  • Business Continuity and Disaster Recovery Policy and Plan
  • Incident Response Policy
  • Third Party Security Policy
Published at N/A

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo