- Conga ActionGrid Security Datasheet
- Conga Composer Security Datasheet
- Conga Novatus Security Datasheet
- Conga Contracts Security Datasheet
Experienced and Proven Enterprise-Class Security, Privacy and Reliability
Conga® understands that organizations today face serious challenges when it comes to security and compliance. No matter the size, organizations must focus on providing security for their own data and that of their customers, as well as having a clear understanding of and plan to meet complex compliance requirements at the local, state, national and international levels. As a trusted partner, Conga builds these requirements and regulations into everything we do to help our customers meet security and compliance needs in industries from Finance and Healthcare to Pharmaceutical and Consumer.
Conga maintains formal and comprehensive security and privacy programs designed to protect our customer’s data at all levels. We are dedicated to safeguarding customers against known threats and staying ahead of the ever changing risk landscape. Conga’s processes and infrastructure are regularly audited and tested to ensure we meet industry standards and remain in front of all of the latest threats.
- State-of-the-Art Technology: Your data is transferred with high-grade TLS and multi-layered encryption at rest with AES-128 where appropriate. Encryption keys are stored separately from the data and hosted in our off-site, secure cloud and hosted infrastructure.
- Data Center Security: Our server hosting locations are physically secured, staffed 24x7x365 by trained security guards who have undergone a thorough auditing process.
- Data Access Security: You own and control your data. Access to the service components containing sensitive data is restricted for customer only access.
- In-House Monitoring: 24x7x365, our in-house security team reviews every security aspect of Conga.
- 3rd Party Testing: Our services undergoes independent, ongoing penetration testing, security scans and threat detection.
- Real-time Audit Log: We keep a real-time audit log of all data access and changes made by administrators and monitor and react to suspicious activities.
High Availability Infrastructure
- Redundancy: Our system spans numerous physical locations, with N+1 or greater redundancy to establish resilience for all components.
- Recoverability: We store backups in multiple secure locations and update them throughout the day, every day where applicable. Many of our services are transient in nature and thus only require the maintenance at the application layer.
- Uptime: Our technology ensures high availability of your information: no less than 99.9% uptime (with security in mind).
Conga has undergone a Service Organization Control 2SM (SOC2) examination resulting in a CPA’s report stating that management of Conga maintained effective design controls over the Security and Availability of its Conga Composer® and Conga NovatusSM service offerings. The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for use by practitioners in the performance of trust services engagements:
- Security: The system is protected against unauthorized access (both physical and logical)
- Availability: The system is available for operation and use as committed or agreed
Experienced and Dedicated Staff
Conga employs dedicated security and compliance staff to ensure the protection of company and customer data. Our security team maintains a close watch on the entire lifecycle of our services from secure development practices to safe operational practices. While the security landscape is rapidly evolving; the Conga security team maintains close relationships with recognized security researchers to ensure we are maintaining the best in class security.
Here to Help
At Conga, we take security very seriously. If you would like additional information pertaining to the security, privacy or compliance of the Conga services please reach out to our sales or support team. Report security related issues of the Conga services to firstname.lastname@example.org.