10,000+ Global Customers, Including 41% of the Fortune 100, Trust and Rely On Conga for Their Data, Documents and Contract Lifecycle Management

Experienced and Proven Enterprise-Class Security, Privacy and Reliability

Conga® understands that organizations today face serious challenges when it comes to security and compliance. No matter the size, organizations must focus on providing security for their own data and that of their customers, as well as having a clear understanding of and plan to meet complex compliance requirements at the local, state, national and international levels. As a trusted partner, Conga builds these requirements and regulations into everything we do to help our customers meet security and compliance needs in industries from Finance and Healthcare to Pharmaceutical and Consumer.

Conga maintains formal and comprehensive security and privacy programs designed to protect our customer’s data at all levels. We are dedicated to safeguarding customers against known threats and staying ahead of the ever changing risk landscape. Conga’s processes and infrastructure are regularly audited and tested to ensure we meet industry standards and remain in front of all of the latest threats.

Enterprise-Grade Security

  • State-of-the-Art Technology: Your data is transferred with high-grade TLS and encryption at rest with AES-256 where appropriate. Encryption keys are stored separately from the data and hosted in our secure cloud and hosted infrastructure.
  • Data Center Security: Our server hosting locations are physically secured, staffed 24x7x365.
  • Data Access Security: You own and control your data. Access to the service components containing customer data is restricted.

Continuous Monitoring

  • In-House Monitoring: 24x7x365, our in-house security team reviews every security aspect of Conga.
  • 3rd Party Testing: Our services undergo independent, ongoing penetration testing, security scans and threat detection.
  • Real-time Audit Log: We keep a real-time audit log of all data access and changes made by administrators and monitor and react to suspicious activities.

High Availability Infrastructure

  • Redundancy: Our system spans numerous physical locations, with N+1 or greater redundancy to establish resilience for all components.
  • Recoverability: We store backups in multiple secure locations and update them throughout the day, every day where applicable. Many of our services are transient in nature and thus only require the maintenance at the application layer.
  • Uptime: Our technology ensures the highest availability and security of your information.

Trust and Compliance

Conga is committed to achieving and maintaining the trust and confidence of our customers. Integral to this mission is Conga’s dedicated in-house security and privacy team tasked with enabling Conga customers to meet a multitude of compliance, data protection, and regulatory obligations from around the globe. Conga’s trust and assurance activities include:   

  • Conga certifies to the U.S. Department of Commerce that it adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.  Conga’s current certification is available at https:// www.privacyshield.gov/list.
  • Data Processing Addendums or Agreements including the Standard Contractual Clauses as approved by the European Commission and incorporating stringent requirements of Article 28 of the EU General Data Protection Regulation 2016/679.
  • Service Organization Control (SOC) reports: Conga’s information security control environment undergoes an independent evaluation annually. Conga’s most recent SOC 2, type II report covering security and availability is available upon request.
  • Cloud Security Alliance’s Consensus Assessments Initiative Questionnaire (CAIQ) https://cloudsecurityalliance.org/registry/conga/
  • HITRUST CSF Self-Assessment Report
  • Penetration testing conducted by industry-recognized 3rd party on material environment changes or annually.
  • Conga only utilizes infrastructure partners demonstrating ability to meet rigorous standards (ISO 27001, NIST, SOC 2).

Experienced and Dedicated Staff

Conga employs dedicated security and compliance staff to ensure the protection of company and customer data. Our security team maintains a close watch on the entire lifecycle of our services from secure development practices to safe operational practices. While the security landscape is rapidly evolving; the Conga security team maintains close relationships with recognized security researchers to ensure we are maintaining the best-in-class security.

Here to Help

At Conga, we take security very seriously. If you would like additional information pertaining to the security, privacy, or compliance of the Conga services please reach out to our sales or support team.  Report security related issues of the Conga services to security@getconga.com.