Cloud Leader in Compliance

    We are constantly in risk assessment mode. Data breaches, data loss, account hijacking, insecure APIs, denial of service, and malicious insiders are at the top of the cloud adopter’s list of concerns and we prioritize efforts to mitigate those risks.

    FedRAMP Authorized

    SpringCM has achieved Federal Risk and Authorization Management Program (FedRAMP) Authorization, making it the first FedRAMP compliant Contract Lifecycle Management (CLM) solution. With the SpringCM FedRAMP certified document and contract management platform, federal agencies can meet the strict government security requirements while streamlining their complex business processes and the associated workflows for the billions of documents managed, significantly cutting down review and approval times. Read the full press release here.

    SpringCM’s Governance, Risk Management and Compliance (GRC) program is based on the Cloud Control Matrix (CCM) — which are Cloud Security Alliance's (CSA) "security principles to guide cloud vendors" to prospective customers.

    Our internal GRC management platform maintains appropriate mappings to NIST, ISO, CSA, and other privacy, legal, and regulatory standards are reviewed annually by expert counsel.

    SpringCM has completed CSA compliant Consensus Assessments Initiative Questionnaire (CAIQ) and we welcome customers to download and review the document.

    Cloud Security Alliance
    FedRAMP Authorized Privacy Shield Framework
    C-STAR Service SOC2 HIPAA Compliant
    Skyhigh Enterprise Ready OWASP Supporter

    Current Compliance Levels and Authorizations

    • FedRAMP – Moderate. Authorized as of August 24, 2017.
    • ISO 27001 & 27017 (View Certificate)
    • Certified with the EU-U.S. Privacy Shield Framework administered by the U.S. Department of Commerce’s International Trade Administration (ITA) since 2016
    • CSA STAR Attestation review under SOC 2 since 2014; Available under NDA
    • SOC 2 (All 5 Principles) since 2012; Available under NDA
    • First document centric workflow cloud platform to achieve SOC 2 Certification

    • SSAE 18 Type 2 – SOC 1 since 2008 (formerly SAS 70 and SSAE 16); Available under NDA

    • HIPAA Assessed and Compliant since 2015; Available under NDA
    • Earned Skyhigh's CloudTrust™ rating of Skyhigh Enterprise-Ready

    • Corporate Member of the OWASP Foundation

    In-process Initiatives

    • OWASP ASVS (review by Q4 2017)


    Questions About Security?

    Fill out the form below and we will be in touch.

    SpringCM Security