Security Reports/Published Documents
Our data security is mission-critical, and we take our commitment to protecting it extremely seriously. It’s just one more reason so many leading social good organizations trust us as their partner.
- Blackbaud's Information Security team leverages the industry standard CIA Triad Model (Confidentiality, Integrity, Availability) in conjunction with various industry control frameworks, such as the NIST CSF, PCI DSS, SOC 1, SOC 1 type 2, and others to protect our solutions.
View more information on Blackbaud's Cyber Security Program in the below white papers and tip sheet.
PCI Compliance
Since 2000, Blackbaud has processed credit card payments for philanthropic organizations around the world and we adhere to the stringent Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS) by:
- Encrypting and tokenizing all card information
- Preventing clients from accessing your card data
- Blackbaud has also implemented additional payment security measures — such as fraud mitigation tools — that ensure your credit card information is, and remains, safe.
- Blackbaud Payments 2023 PCI Report Download
SOC1
A Service Organization Control (SOC) 1 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of internal controls that affect the financial reports of a client using a service provider’s cloud solutions. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which a SOC 1 audit is performed and the basis of a SOC 1 report. The Type II designation ensures that the controls have been in place over a period of time from six months to one year. Blackbaud SOC 1 Report
SOC2
A Service Organization Control (SOC) 2 audit gauges the effectiveness of a service provider’s system or applications, based on the AICPA Trust Service Principles (security, availability, processing integrity, confidentiality, and privacy). The Type II designation ensures that the controls have been in place over a period of time from six months to one year.\ Blackbaud SOC 2 Report
Security Breaches will be reported to:
hoyt@clemson.edu
tdaniel@clemson.edu
tim2@clemson.edu
wagnera@clemson.edu
jovanna@clemson.edu
mccaul3@clemson.edu
orourke@clemson.edu
wil@clemson.edu
babbd@clemson.edu
cribb3@clemson.edu
CCIT's Security Page: https://ccit.clemson.edu/services/security/