How does BlackLine proactively manage security risks?

BlackLine proactively notifies you of security vulnerabilities. We also commit to an always-on model of security improvement. We have consistently been the first in our space to offer certifications and attestations.

How does BlackLine’s security infrastructure protect my data?

BlackLine partners with top-tier data centers and hosting environments that are SOC 2 Type 2 attested and ISO 27001 certified to ensure the availability and security of our service and to protect client data from theft, corruption, or mishandling.

How can I obtain BlackLine SOC Reports and ISO Certifications?

BlackLine customers can request a copy of the most recent SOC reports and ISO certifications through their sales representative.

What best practices does BlackLine recommend?

We’re committed to ensuring customers can securely access BlackLine applications. Given ever-evolving security threats, we recommend you take certain precautions to help protect your organization from unauthorized access. IP allow listsAn IP allowlist from designated addresses limits users who do not have access via the corporate LAN or VPN. Administrators can identify the accepted IP addresses that should have access to BlackLine. Users not part of the range of permitted IP addresses will not be granted access. Strong password policiesProtect your company by strengthening password policies. Visit the Security Settings page in your BlackLine applications to do this.

How does BlackLine manage physical security?

Our service is co-located in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including: Access control and physical security24-hour manned security, including foot patrols and perimeter inspectionsComputing equipment in access-controlled steel cagesVideo surveillance throughout the facility and perimeterAsset removal trackingSecure, on-campus network operations centers monitoring the building management systemBuildings engineered for local seismic, storm, and flood risks Environmental controlsThe entire HVAC plant—including chillers, compressors, heat exchangers, and distribution systems—is monitored for all environmental operating parameters by a building management systemRedundant N+2 HVAC cooling system with 100% service level agreement PowerUnderground utility power feedRedundant (N+2) CPS/UPS systemsRedundant power distribution units (PDUs)Diesel generators with on-site diesel fuel storage NetworkRedundant internal networksNetwork neutral; connects to all major carriers and located near major internet hubsHigh bandwidth capacityFire detection and suppressionState-of-the-art fire detection and suppression systems using the latest advances in pre-action water

How does BlackLine approach data protection?

Secure transmission and network protectionConnection to the BlackLine environment is protected via TLS cryptographic protocols, ensuring that our users have a secure encrypted connectionPerimeter firewalls and edge routers block unused protocolsInternal firewalls segregate traffic between the application and database tiersIntrusion detection sensors throughout the internal network use a security management system to log, alert, and report eventsA third-party service provider periodically scans the network externally and alerts BlackLine to changes in baseline configuration Disaster recovery and backupsBlackLine deploys controls such as off-site data storage and near real-time data replication between the production data center and the disaster recovery centerData is transmitted across an encrypted tunnelAll data is backed up daily at each data center Testing and security monitoring BlackLine tests all code for security vulnerabilities before releaseWe regularly scan our network and systems for vulnerabilitiesThird-party assessments are also conducted regularly:Application vulnerability assessmentsNetwork vulnerability assessmentsPenetration testing and code reviewSecurity control frameworkOur Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.

Where can I find BlackLine’s privacy policy?

Read BlackLine’s privacy policy.

Where can I find BlackLine’s API Terms of Service?

Read BlackLine’s API Terms of Service.

What if I’m having trouble with my password or suspect I’ve been the victim of phishing?

Do not give out your user credentials or login information to anyone. Remember, BlackLine will never ask you for your password.If you have any issues with your password or logging into applications, you may reset your password from the login page, or contact your BlackLine System Admin. If you are still having trouble, head to the Customer Support Portal.

What if I suspect a security threat or vulnerability?

If you suspect a security threat or vulnerability, please submit a report to our Information Security team at security@blackline.com.

Think data security in financial software is non-negotiable? So do we.

Get the most comprehensive protection available in the industry.

Schedule a demo

We wear our credentials like
badges of honor

BlackLine maintains world-class security by periodically attesting against internationally recognized security, auditing, and privacy standards. The following attestations and certifications translate to unsurpassed security and privacy assurance for our customers:

SECURITY STANDARDS

ISO/IEC 27001 (Information Security Management)
ISO/IEC 27017 (Cloud Security)
ISO/IEC 27018 (Cloud Privacy)
ISO/IEC 27701 (Privacy Information Management)

AUDITING STANDARDS

SOC 1 - Type 2
SOC 2 - Type 2
SOC 3

Safeguarding your data every step of the way

To take full advantage of cutting-edge tools like AI, you need iron-clad data security and privacy. With BlackLine, your data is protected from theft, corruption, and mishandling. That's what being the future-ready platform for the Office of the CFO is all about.

Uncompromising commitment to privacy and security

We know trust is critical, which is why BlackLine invests in maintaining a robust Information Security Management System (ISMS) and Privacy Information Management System (PIMS). We provide ongoing attestations and certifications so you have independent assurance around our security and privacy programs. We continuously update our independent attestations and internationally recognized certifications, including semi-annual SOC Reports and ISO 27001 (Information Security Management), ISO 27017 (Cloud Security), ISO 27018 (Cloud Privacy), and ISO 27701 (Privacy Information Management) certifications. We’re the first and only vendor to offer customers this degree of independent assurance over security and privacy programs in the financial software platform space.

Evolution that stays ahead of the game—instead of reacting to it

You’ll get an always-on approach where we proactively notify you of security vulnerabilities and improvements. We also maintain an industry-leading security and privacy program and have a proven track record of evolving ahead of the market. We were the first cloud financial close automation solution to achieve ISO/IEC 27001, ISO 27017, ISO 27018, and ISO 27701 certifications and complete a SOC 2 Type 2 examination—and we continue to approach security and privacy with the same rigor.

Seamless and secure integration with your current ERP stack

Use the most comprehensive ERP integration in the market to protect your data at rest and in transit, restrict unauthorized access, and establish configurable risk rules to quickly identify irregular activity. While improving data security, you’ll also increase data quality by importing financial data directly from your ERP into BlackLine, eliminating the risk of data entry errors. Each and every step of your financial operations is tracked, providing you with a full audit trail.

Privacy and security worthy of the industry's biggest movers and shakers

Using BlackLine as your future-ready financial software platform, you’ll join a cohort of over 4,400 companies. Nine of the Fortune 10 and 50% of the Fortune 500 have decided to trust BlackLine with their data security and privacy.

BlackLine’s Jill Knesek on being named one of the Top 100 CISOs in North America by CISOs Connect™.

"BlackLine has a long history at the forefront in the adoption of information security standards. This is a testament to the team's tireless work to stay ahead of the curve and ensure security and privacy across all our cloud services."

Jill Knesek
CISO, BlackLine

Frequently asked questions

Ready to kick start your journey to secure, future-ready financial operations?