Third-Party Trust

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

For Access, Must Be On: Team, Enterprise, or Government Cloud

FormAssembly is a web-based application that is offered as a SaaS solution. Data and the type of data to be collected depends on the company using the service to collect it.

NOTE: We only perform evidence gathering for official attestations like SOC 2, ISO 27001, and etc.

Start your security review
View & download sensitive information
Ask for information
Aetna-company-logoAetna
Boston Medical Center-company-logoBoston Medical Center
CVS Health-company-logoCVS Health
Epic Games-company-logoEpic Games
Harvard Business School-company-logoHarvard Business School
UnitedHealth Group-company-logoUnitedHealth Group
Pentest Reports

Knowledge Base

    Does your organization have a Vulnerability and Patch Management Policy?
    Does your organization have a Third-Party Personnel Policy?
    Does your organization have a Software Development Lifecycle Policy?
    Does your organization have a Risk Management Policy?
    Does your organization have a Physical Security Policy?
View more

Third-Party Trust Updates

2024 Penetration Test Report

GeneralCopy link
Published at N/A

Updated Policies

ComplianceCopy link

First Batch of Updated Policies

  • Access and Personnel Security Policy
  • Asset Management Policy
  • Business Continuity and Disaster Recovery Policy and Plan
  • Incident Response Policy
  • Third Party Security Policy
Published at N/A

Ivanti

GeneralCopy link

We want to assure all our stakeholders that our organization does not utilize Ivanti Connect Secure or Ivanti Policy Secure products. Therefore, our systems and data remain unaffected by the vulnerabilities identified in Ivanti products. Our commitment to using robust and secure technology solutions aligns with our overarching goal of maintaining a resilient and secure digital environment.

Published at N/A

Privacy Policy Update

GeneralCopy link

Privacy Policy has been updated as of 2023-January-11

Published at N/A

New Questionnaires

ComplianceCopy link

New Questionnaire related to the Okta support case system unauthorized activity October 2023

Published at N/A*

New Questionnaire Added

  • HIPAA Questionnaire - Version 3.03 - 2022
Published at N/A*

FormAssembly 2023 ISO 27001:2013

ComplianceCopy link

FormAssembly has successfully completed an audit for ISO 27001 covering FormAssembly. The organization worked with A-LIGN to perform a detailed audit of its controls as they relate to ISO 27001.

  • Original Certification Date: June 14, 2021
  • Recertification Date: July 18, 2023
  • Expiry Date: June 14, 2024

A-LIGN Compliance and Security, Inc. certifies that the organization operates an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2013.

The certificate and report can now be downloaded in the portal.

Published at N/A

FormAssembly 2023 SOC 2 Type 2

ComplianceCopy link

FormAssembly's controls are assessed by A-LIGN, who specialize in compliance across multiple industries, on an annual basis.

FormAssembly annually performs a SOC-2 Type-2 assessment. Our most recently available report covers from December 1, 2022 - May 31, 2023. An updated review period is scheduled with our auditors, and we expect an updated report to be available in mid-2023.

The SOC 2 report includes management’s description of FormAssembly’s trust services and controls as well as A-LIGN’s opinion of FormAssembly’s system design. You can find it under the Reports section of this Security Portal.

We maintain a SOC 2 Type 2 certification as a result of this regular audit activity and can share the most recent SOC 2 report with our customers upon request and under a non-disclosure agreement. The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security.

The scope of this report covers controls supporting the FormAssembly App and Enterprise/Compliance plans.

Published at N/A

Updated Policies Added

ComplianceCopy link

The following policies had be updated and added back to the security portal:

  • Access Control
  • Breach Investigation and Notification (BIN)
  • Compliance Audits and Communications
  • Data/Media Management
  • Encryption
  • Information Security
  • Mobile Device Security and Media Management
  • Risk Management and Risk Assessment
  • Secure Software Development and Product Security
  • System Audits, Monitoring and Assessments
  • Third Party Security
  • Threat Detection and Prevention
  • Vulnerability Management
Published at N/A

The following policies had be updated and added back to the security portal:

  • Business Continuity and Disaster Recovery
  • Business Continuity and Disaster Recovery Plan
  • Incident Response Policy
Published at N/A

Version 4.04 of CAIQ Security Questionnaire

ComplianceCopy link

Version 4.04 of CAIQ Security Questionnaire has been uploaded and is ready for download.

Published at N/A

Version 3.03 of Higher Education Community Vendor Assessment Toolkit

ComplianceCopy link

HECVAT Lite Version 3.03 is now in the FormAssembly Customer Trust Portal

Published at N/A

Version 3.03 of Higher Education Community Vendor Assessment Toolkit has been uploaded and is ready for download.

Published at N/A

ISO 27001 Surveillance Assessment Year 2 Final Report

ComplianceCopy link

FormAssembly's ISO 27001 Surveillance Assessment Year 2 Final Report is now available to request and download.

Published at N/A

FormAssembly SOC 2 Type 2 Report

ComplianceCopy link

FormAssembly's SOC 2 Type 2 Report is now available to request and download.

Published at N/A

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo