Trust Center

Security at ContractShield

Built for construction teams that expect enterprise-grade protection. Our security program layers people, process, and technology to keep your projects safe.

Infrastructure & encryption

Hosted on SOC 2 and ISO 27001 certified providers, with TLS 1.2+ encryption in transit and AES-256 encryption at rest across databases and object storage.

Identity & access management

Role-based access controls, enforced MFA, SAML SSO, SCIM provisioning, and Just-In-Time admin elevation with audit trails.

Application security

Automated dependency scanning, static analysis in CI, and quarterly third-party penetration testing with remediation tracking.

Compliance roadmap

Assurance & certifications

Our SOC 2 Type I audit is underway, with Type II planned for the next reporting cycle. We adhere to the CIS Critical Security Controls, maintain a living vendor management register, and align with GDPR and CCPA requirements.

Incident response

Prepared for the unexpected

Our incident handlers rehearse tabletop exercises each quarter and use structured runbooks to keep teams aligned during the rare events that require mitigation.

24/7 monitoring with automated paging to the on-call security engineer.
Incident severities and customer communications governed by our runbooks.
Post-incident reviews, including remediation timelines, shared with affected customers.

Report a security concern

Reach our security team directly for vulnerability disclosures, responsible reporting, or compliance questions.

Email: security@contractshield.io

We acknowledge security reports within one business day and provide status updates through resolution.