
SECURITY DATA SHEET

Conga Contracts for Salesforce
Security, privacy, and architecture

Services overview

Conga Contracts for Salesforce® is a contract lifecycle management application on the Salesforce AppExchange that helps manage, negotiate, and administer contractual agreements. Documents can be created either through an existing Conga Composer account or through Salesforce CPQ (Configure-Price-Quote). As a Salesforce user, you manage all interactions between the Conga services and your Salesforce account exclusively through your Salesforce administration and security settings.

Conga infrastructure

The Contracts for Salesforce service is regionally hosted with Amazon Web Services (AWS), available in the continental United States, within Europe, or Australia. Each region is mirrored across multiple, geographically dispersed data centers for fault tolerance and business continuity within the region the service is set to use. Customers may select specific regional processing locations upon implementation or by submitting a support ticket at support.getconga.com/Reference/Contact_Support.

Encryption for external connections

TLS encryption technology is utilized for data transfer between all parties involved in the process. TLS connections are negotiated for at least 256-bit encryption or stronger. The private key used to generate the cipher key is at least 2048 bits. It is recommended that the latest available browsers approved by salesforce.com be utilized for connecting to the Conga service, because they are compatible with higher cipher strengths and have improved security.

Network access control

A limited number of Conga operations team members are granted access to Customer environments, and then only after the completion of a successful background check, awareness and acknowledgment of privacy and confidentiality agreements, and security training. Access occurs through a multi-factor VPN or Private Proxy connection. Additional authentication, authorization, and accounting are implemented through standard security mechanisms. These measures are designed to ensure that only approved operations and support engineers have access to the systems. Remote access to the environment is restricted to select operations staff and only available via two-factor authentication.

Network bandwidth and latency

Conga relies on the AWS network infrastructure to provide low latency network availability between the Conga services, Salesforce (when applicable), and end users. The AWS Cloud infrastructure is built around regions and availability zones. A region is a physical location in the world where we have multiple availability zones. Availability zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, and housed in separate facilities. These availability zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center. Conga monitors applicable networks and addresses internal issues that may impact availability.

Anti-virus and anti-malware controls

Conga leverages best in class tools in order to monitor and block virus and malware behavior. This includes protection against emerging threats beyond traditional, signature based solutions.

Firewalls and intrusion prevention

Conga utilizes firewalls as one component of a layered approach to application infrastructure security. To control access and allow only authorized traffic to Conga infrastructure, managed firewalls are used. In addition, Conga employs security policies to manage ingress and egress of data based upon protocol, port, source and destination within the environment. Any traffic not adhering to these strict access controls is discarded at the Internet boundary. Internally host-based intrusion prevention and monitoring systems are deployed at the server and network layers, respectively.

System hardening and monitoring

Conga employs standardized system hardening practices across Conga-managed devices. This includes restricting protocol access, removing or disabling unnecessary software and services, removing unnecessary user accounts, patch management, and logging. Additionally, Conga employs an enterprise-class vulnerability management program to monitor and alert on any non-authorized changes or security configurations.

Services undergo 3rd party penetration tests on an annual basis or prior to release of a material change.

Account provisioning and access control

Conga Contracts for Salesforce integrates with your Salesforce org via standard salesforce.com OAuth via the login credentials of a named principal of your choice. Authorization configurations allow customers to choose deployment for all users or named users.

The OAuth token prefaces Conga service’s interaction with Salesforce, and the service runs under the authority of the named principal Salesforce user, as defined by the customer’s Salesforce administrator. System access controls include system authentication, authorization, access approval, provisioning, and revocation for employees. The customer is responsible for all end-user administration within the program via salesforce.com. Conga does not manage the customer’s end-user accounts within salesforce.com.

Conga employee access to the service is limited to what is required for support and maintenance purposes. Employee access is contingent on a successful background check, confidentiality agreements, and documented authorization by an engineering VP or above. Access for approved employees is strictly controlled via VPN and other authentication mechanisms.

Data management and protection

All Conga systems used in the provision of the Conga services, including AWS infrastructure components and operating systems, log information to their respective system log facility or a centralized Syslog server (for network systems) to enable security reviews and analysis. Customer data processed within the service is not persisted for long term storage. However, documents flowing through the service are encrypted within cache for 24 hours.

Post termination, data will be disposed of in a manner designed to ensure that they cannot reasonably be accessed or read. The only exception is if there is a legal obligation imposed on Conga which prevents it from deleting all or part of the environments or data.

The information customers provide during their use of Conga services that pertains to other individuals and entities is not collected or used by Conga, and remains under the ownership of Conga’s customers. Conga processes customer data under the direction of its customers and has no direct control or ownership of the personal data it processes. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the data to Conga for processing purposes.

Incident response

Conga has a rigorous incident management process for security events that may affect the confidentiality, integrity, or availability of systems or data. If an incident occurs, the security team logs and prioritizes it according to its severity. Events that directly impact customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. To help ensure the swift resolution of security incidents, the Conga security team is available 24/7 to all employees. If an incident involves customer data, Conga will inform the customer and support investigative efforts via our security team.

Physical security

Processing occurs within AWS data centers that are housed in nondescript facilities. Professional security staff strictly control physical access, both at the perimeter and at building ingress points. Video surveillance intrusion detection systems are in place at a minimum of all ingress and egress points. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification, are signed in, and are continually escorted by authorized staff.

Scalability

Conga services are designed to leverage the benefits of a cloud architecture. This includes the capability to scale compute, memory, and network resources to meet the demands of our customers. Conga uses AWS Auto Scaling to maintain application availability and scale our capacity

Office disruptions

Conga maintains a globally diverse operations staff in the event core offices have any significant disruption. Additionally, all Conga employees have laptops and a secure process to access necessary resources to support infrastructure and customers.

Conga audits and certifications

Conga is committed to achieving and maintaining the trust and confidence of our customers. Integral to this mission is Conga’s dedicated, in-house security and privacy team. This team is tasked with enabling Conga customers to meet a multitude of compliance, data protection, and regulatory obligations from around the globe. Conga’s trust and assurance activities include:

• Conga certifies to the U.S. Department of Commerce that it adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Conga’s