Security

Our Security Certifications


Our Security Approach

Agiloft takes a proactive approach to security. We enhance our security posture ahead of emerging threats and ensure that we are protected from the most recent security events that have impacted other businesses.


Managing Risk

At Agiloft, risk management is deeply embedded in everything we do, from day-to-day operations to change management processes. We proactively evaluate risks across our organization, identifying vulnerabilities before they become issues. Our rigorous vendor assessments ensure that every partner meets our high standards for security. Whether responding to emerging third-party challenges or anticipating future needs, we approach risk management with foresight and precision, keeping your data and trust at the center of our efforts.


Data Protection

CLM protects the most critical data in your company. At Agiloft, we understand that your organization’s most critical data requires more than just compliance—it demands proactive, forward-thinking protection. We are not just a vendor; we are your security partner, fully committed to preserving the sensitivity and value of your information. By meeting or exceeding your strictest security standards, we empower your organization to focus on its goals, knowing your data is in trusted hands.


3rd Party Validation

With SOC 1, SOC 2, ISO 27001, and ISO 27701 certification, Agiloft’s customers can be confident that their data is secure.

Agiloft engages third-party security companies to perform in-depth penetration assessments of the Agiloft application and our hosting infrastructure annually and after all major upgrades. This assessment uses both manual and automated techniques to search for technical vulnerabilities. In addition, we engage external parties to test the organization for resilience against social engineering attacks, a critical area of security that is too often overlooked. A copy of the most recent security audit can be provided upon receipt of a signed NDA.


Hosting Infrastructure

With our Hosted Service, you get fully redundant AWS service whether inside or outside the USA. AWS offers full regulatory compliance with key standards such as SSAE 18, SOC 2 Type 2, HIPAA, and GDPR. For more complete security and compliance details, refer to the information listed on each provider’s website. For further information about Agiloft’s Hosted Service, see our Agiloft Hosted Service page.

The hosting infrastructure is firewall protected and the individual servers are hardened by the application of security best practices.


Deployment

Our software provides precise access control at the record and field level, all managed by extensible group permissions. It implements security best practices such as hashing passwords with the SHA-2 one-way hash function and protecting all communications with SSL encryption.


Our Development Process

Agiloft develops code in accordance with the CERT Secure Coding Standard for Java, and uses the OWASP Enterprise Security API (ESAPI) within the application to implement security best practices.


Agiloft’s Trust Portal

For our audit reports, business continuity plan, and additional security documentation, please visit our Trust Portal. For questions or concerns regarding Agiloft security, please reach out to [email protected]


Last updated: 12/5/2024