Concord operates on highly secured servers that comply with the strictest international and industry-specific standards, including:
- ISO 27001
- SSAE 16/SOC 1, SOC 2, and SOC 3
- PCI DSS Level 1
- FISMA, DIACAP, FedRAMP, and FIPS 140-2
- HIPAA, Cloud Security Alliance and MPAA
Hardware and infrastructure security
Concord stores all content in geographically dispersed, ISO 27001-certified and SSAE 16-audited, data centers throughout the United States and Europe. These data centers include state-of-the-art physical and environmental access controls and safety features including:
- 24/7 professional security staff, video surveillance, and intrusion detection systems
- Fire detection and suppression, redundant electrical power systems, and uninterruptible power supply (UPS)
- Monitoring of electrical, mechanical, and life support systems and equipment
All connections to Concord are encrypted with the bank industry standard AES-256, which was established by the U.S. National Institute of Standards and Technology (NIST) and uses SHA-2 to ensure data integrity. In addition to anti-tampering controls, a comprehensive audit trail gathers every single transaction with IP addresses and user information.
Reliability and backups
In order to provide a highly reliable service, Concord uses redundant and geo-dispersed servers; we can adjust their capabilities in real-time depending on the current load. In addition to data replication, automated backups prevent any data loss.
Concord uses independent third parties to conduct regular security audits as well as static and dynamic analysis scans. Internally, security audits are regularly performed by a dedicated security team under the supervision of the Board of the company. Each IT employee receives regular security training, and all updates and new features are reviewed for security, as security testing is integrated into the application development lifecycle.
Advanced custom security options
Concord’s security policies and features are designed to keep documents and transactions 100% secure. Should you need additional security customizations to match your company’s policies, Concord offers additional options, including:
- Complex Password – requires all users to have a complex password (containing uppercase letters as well as numbers) which must be changed every 6 months
- Double Authentication – stipulates that all users and/or third parties use double authentication method to sign their contracts
- Regional Specific Data Hosting – the ability to either host your data in the U.S. or in Europe
Concord does not store any credit card information on its servers. Payments are processed by a PCI Data Security Standard (PCI DSS) Level 1 provider. PCI Data Security Standard (PCI DSS) ensures companies that process, store or transmit credit card information maintain a secure environment. See PCI SSC Data Security Standards Overview for more information.
See more here.