3 Certifications Your Form Solution Should Have

Oct 19, 2016 | Enterprise, Marketing, Security + Integrations, Security and Confidentiality, Tips and Best Practices

It’s a big, scary digital world out there, and attacks on your data can come from just about anywhere. Some businesses (those that deal with sensitive healthcare data or payment card information) may have more to worry about, but any business that handles data needs to make sure they’re doing it in a responsible, secure way.

When you invest in any form platform, you’re trusting that the company helping you collect data and transfer it from one place to another has done its own research and is just as concerned about the correct collection and processing of data as you are. In case you’re not sure what to look for in a new form platform, here are some top certifications and abilities that it should have.

1. HIPAA Compliance

HIPAA violation fines can be costly and damaging to healthcare organizations and businesses that handle PHI (Protected Health Information). Settlements for HIPAA violations can cost companies millions of dollars and can happen because of data breaches, lost or stolen equipment, and even unintentional employee mistakes.

These are serious consequences, both monetary and otherwise, even for large organizations. Not to mention the patient distrust after a breach, even if there was no ill intent on the part of the hospital or other healthcare organization involved.

At FormAssembly, we understand the burden our healthcare clients deal with regarding the protection of sensitive information. On our Compliance Cloud plan we offer HIPAA compliance, which helps keep PHI safe. Here are the benefits to healthcare organizations from our HIPAA Compliance:

  • Compliance You Can Trust: We undergo GAP and Risk assessments and rigorous auditing to maintain our HIPAA compliance.
  • Sophisticated Encryption Best Practices: Data flagged as sensitive is encrypted with private keys generated specifically for the associated user.
  • Customizable, Flexible Password Protection: Our Compliance Cloud allows you to control password administration, requirements, and restrictions.
  • Flexible Storage Solutions: We offer our Compliance Cloud plan for customers with advanced data storage needs.
  • First-Class Priority: With the attentive service provided to Compliance Cloud users, you won’t have to wonder if FormAssembly was worth the investment.

2. PCI DSS Level 1 Certification

There are lots of reasons you might use forms to collect payment information. Donation forms, payable invoices, order forms, and event signup forms are just a few examples. In any of these cases, it’s important to be cognizant of PCI compliance, which affects anyone who collects payment information.

To ensure that no credit card information is unnecessarily stored in FormAssembly, we require the use of one of our approved payment connectors for any FormAssembly forms that collect payment information. All FormAssembly plans are also PCI DSS Level 1 Certified.

We work with a third-party auditor and compliance assessor to make the procedural changes and updates needed to maintain Level 1 certification.

3. GDPR/EU-U.S. Privacy Shield Compliance

If you work for a European business, there are other certifications that are important for your form solution to have. We are compliant with both the GDPR and the EU-U.S. Privacy Shield.

The EU-U.S. Privacy Shield concerns data governance between the EU and the U.S. and aims for greater transparency for the data of European citizens as well as stricter measures for U.S. companies. The GDPR is recognized as the most stringent data privacy and security law in the world and applies to any organization that collects personal data from people in Europe.

To ensure the highest standards of security and compliance, FormAssembly is compliant with these regulations and more on all plans. 


Is your form building platform secure and reliable? In this day and age, there’s no room for complacency or carelessness around data security and privacy. We take data of any sensitivity level very seriously and do our part to help you protect it. Learn more about our features and integrations or contact our team today.
