Data Security


Concord operates on highly secured servers that comply with the strictest international and industry-specific standards, including:

  • ISO 27001
  • SSAE 16/SOC 1, SOC 2, and SOC 3
  • PCI DSS Level 1
  • FISMA, DIACAP, FedRAMP, and FIPS 140-2
  • HIPAA, Cloud Security Alliance and MPAA


Concord stores all content in geographically dispersed, ISO 27001-certified and SSAE 16-audited data centers throughout the United States and Europe. These data centers include state-of-the-art physical and environmental access controls and safety features, including:

  • 24/7 professional security staff, video surveillance, and intrusion detection systems
  • Fire detection and suppression, redundant electrical power systems, and uninterruptible power supply (UPS)
  • Monitoring of electrical, mechanical, and life support systems and equipment


All connections to Concord are encrypted with AES-256, the banking industry standard established by the U.S. National Institute of Standards and Technology (NIST), and use SHA-2 to ensure data integrity. In addition to anti-tampering controls, a comprehensive audit trail records every single transaction with IP addresses and user information.


To provide a highly reliable service, Concord uses redundant and geo-dispersed servers; we can adjust their capabilities in real time depending on the current load. In addition to data replication, automated backups prevent any data loss.


Concord uses independent third parties to conduct regular security audits as well as static and dynamic analysis scans. Internally, security audits are regularly performed by a dedicated security team under the supervision of the Board of the company. IT employees receive regular security training, and all updates and new features are reviewed for security, as security testing is integrated into the application development lifecycle.


Concord’s security policies and features are designed to keep documents and transactions secure. Should you need additional security customizations to match your company’s policies, Concord offers additional options, including:

  • Complex Password – requires all users to have a complex password (containing uppercase letters as well as numbers) which must be changed every 6 months
  • Double Authentication – stipulates that all users and/or third parties use a double authentication method to sign their contracts
  • Regional Specific Data Hosting – the ability to host your data either in the U.S. or in Europe

Concord uses a PCI Data Security Standard (PCI DSS) Level 1 provider to process payments. PCI DSS ensures that companies that process, store or transmit credit card information maintain a secure environment. See PCI SSC Data Security Standards Overview for more information.

For questions about these or any Concord terms or policies, email us at

Automate compliance, increase revenue, scale faster and more sustainably.
