www.blackbaud.com
2606:4700::6810:40e  Public Scan

URL: https://www.blackbaud.com/security
Submission: On July 15 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


SECURITY

Your organization’s data security is mission-critical, and we take our
commitment to protecting it extremely seriously. It’s just one more reason so
many leading social good organizations trust us as their partner.

 * Our Information Security team leverages the industry standard CIA Triad Model
   (Confidentiality, Integrity, Availability) in conjunction with various
   industry control frameworks, such as the NIST CSF, PCI DSS, ISO27001, SOC 1,
   SOC 1 type 2, and others to protect our solutions.

View more information on our Cyber Security Program in the white papers and tip
sheet below.

 * White Paper: Blackbaud Cyber Security Overview
 * White Paper: Blackbaud Business Continuity Management
 * White Paper: Blackbaud Cyber Security Incident Management and Response
   Overview
 * White Paper: Blackbaud Cyber Security Program and Policy Framework
 * White Paper: Data Trust Statement
 * White Paper: Blackbaud and the Public Cloud Whitepaper
   
 * Data Sheet: Blackbaud Luminate Online® Security Overview


TRANSPARENCY

Blackbaud provides audit reports by request to our subscription customers, their
auditors, and our prospective customers, including SOC 2 type 2, SOC 1 type 1,
and bridge letters for both SOC 1 and 2 reports, where applicable*.

Blackbaud provides PA-DSS and PCI-DSS attestations of compliance to Blackbaud
Internet Services and Blackbaud Payment Solutions*.

Blackbaud also leverages the Cloud Security Alliance’s CAIQ assessment
questionnaires to provide transparency regarding the adherence of our products
to the CSA Cloud Controls Matrix. All current Blackbaud CAIQs are available via
the Cloud Security Alliance.* 


SECURITY

INFRASTRUCTURE SECURITY

Our security, privacy, and risk-management teams work every day to ensure the
safety of your data by adhering to industry standard practices, conducting
ongoing risk assessments, aggressively testing the security of our products, and
continually assessing our infrastructure.

Your Blackbaud solution is secure, protected, and reliable through:

 * Robust and continuous Cloud Account/Subscription Governance and control
   monitoring
 * Clear security requirements and reporting on data protection, encryption, and
   monitoring
 * Routine vulnerability assessments and DDoS automitigation response
 * Active participation in CyberSecurity thought leadership:
   * Blackbaud is a member of Cloud Security Alliance (CSA) and assesses our
     products and environments against the CSA CAIQ (Consensus Assessments
     Initiative Questionnaire).
   * Blackbaud Security is a member of the Financial Services Information
     Sharing and Analysis Center (FS-ISAC), a thought leadership and information
     sharing community for collaboration on critical security threats facing the
     global financial services sector.
   * Blackbaud partners with the Information Sharing and Analysis Center for
     Nongovernmental Organizations (NGO-ISAC) to participate in collaboration
     regarding US-based nonprofit/nongovernmental organizations under attack
     from sophisticated threat actors.
 * Partnership with Microsoft and Azure
   * Blackbaud engages in an Azure-first model and partners consistently with
     Microsoft. This provides us access to industry threat intelligence and
     early previews regarding upcoming Azure feature capabilities and security
     releases.
 * Partnerships with other cloud providers and independent third parties for
   reviews

Blackbaud also leverages tactical Cyber Security strategies for safeguarding our
environments and data by utilizing the NSA’s Defense in Depth techniques and
layered security, including:

 * Data Protection
 * Application Security
 * Host Based Security
 * Internal Network Security Measures
 * Perimeter Security
 * Physical Security
 * Policies/Procedures/Awareness
 * Blackbaud’s Cloud Security includes rigorous standards across physical,
   application, and personnel security

Blackbaud uses System Center (SCOM) for internal out-of-the-box monitoring, with
customized management packs that monitor within the application layer from the
inside out. This includes an early-warning detection system that allows us the
time to investigate and respond to an issue before it becomes an impactful
event.

PHYSICAL SECURITY

Blackbaud enforces strict physical datacenter security based on best practices
and SSAE18 audit guidelines:

 * All building entrances, the datacenter floor, and secure areas require card
   key access. The datacenter floor and secure areas also require two-factor
   biometric authentication (hand/fingerprints and iris scan).
 * Active patrol guards are onsite to monitor the interior and exterior of our
   facilities 24 hours a day, 365 days a year. We also have security cameras
   covering all entrances, alternate workspaces, and the datacenter floor.

APPLICATION SECURITY

Blackbaud ensures the security of our applications through:

 * Constant education and partnership with Blackbaud development community with
   robust and varied training programs
 * Routine vulnerability assessments
 * Continually empowering our developers with security tools to leverage early
   in the security SDLC processes

ENCRYPTION

 * Blackbaud uses various strong encryption mechanisms across our environments
   and products, including TLS 1.2, AES 256, RSA 1024 and other FIPS 140-2
   encryption algorithms.

AUTHENTICATION

 * Through Blackbaud ID, we support multi-factor authentication and modern
   identity providers (IdP) such as Microsoft Azure Active Directory, Okta, and
   SAML-based providers such as Google G-Suite so you can control your end-user
   login experience*.

SECURITY AWARENESS

Blackbaud employees are all engaged in ongoing Security Awareness and rigorous
training campaigns to ensure they are empowered to protect both Blackbaud’s and
our customers’ data. All employees are provided continual phishing simulation
testing to increase their awareness of cyber security social engineering and
phishing techniques.

The Blackbaud Security team additionally partakes in global communities and
conference platforms—such as bbcon, WISCYS, and local security conferences—to
share information and present on industry best practices to improve the
community’s security awareness posture.

TESTING

The Blackbaud Security team prioritizes routine testing to identify and
remediate vulnerabilities and risks by leveraging:

 * Dedicated Red Team
 * Routine Penetration Testing
 * Routine Code and Vulnerability Scanning
 * Cloud Audits & Assessments
 * Phishing Simulations


PRIVACY

Driving social good on a global scale—spanning the public, private, and social
sectors—requires a detailed understanding of privacy standards. Blackbaud has
dedicated legal counsel who continually evaluate upcoming and changing
regulations as they relate to data privacy to ensure we are aligned to these
regulations, as well as providing thought leadership for our customers on the
operational impact of these regulations and compliance requirements. Visit our
privacy resource site. 

Further, we will continue to work on ways to improve the user experience in the
products, specifically as regards the capture, recording, and use of your
supporters’ consent. We ensure that (when applicable) our products and internal
processes comply with and enable customers to comply with:

 * General Data Protection Regulation (GDPR) regulations in the United Kingdom
   and the European Union that establish commercial standards for data
   protection and privacy for all individuals in those areas. 
   * Learn more about Blackbaud’s GDPR compliance
 * US State data privacy laws—including the California Consumer Privacy Act as
   amended by the California Privacy Rights Act—which enhance privacy rights and
   consumer protection for residents of those states.
   * We have made changes here at Blackbaud for our own compliance with these
     new state laws, particularly with respect to our Data Intelligence
     business.  We have prepared new notices, implemented mechanisms for
     individuals to submit consumer rights requests, and readied our engineers
     to create robust subject access reports upon request. Blackbaud acts as a
     data controller when it provides Data Intelligence services, including
     Target Analytics®, and accordingly will comply with consumers’ access
     requests, deletion requests, and opt out requests. Individuals who opt out
     of the sale of their data will be excluded from the data sets we use for
     customer data enrichment services. For more information, refer to our
     website for Data Subject Rights Requests as well as our Privacy Policy.

 * Global email laws, such as Canada’s Anti-Spam Legislation (CASL), CAN-SPAM in
   the US, and the UK’s Privacy and Electronic Communications Regulations
   (PECR), govern the sending of electronic marketing messages.
   * Blackbaud solutions contain functionality enabling customers to collect,
     record, and use explicit consent to receive marketing emails in accordance
     with email laws.
   * Our email solutions allow customers to send email in line with legal
     requirements and best practices, such as unsubscribe functionality.

We understand regulatory requirements and constituent expectations around data
privacy are a key priority for our customers as well. For more information about
how Blackbaud can help your organization with data privacy compliance, visit our
privacy resource site. 


RELIABILITY

Blackbaud designs mission-critical cloud solutions exclusively for social good
organizations.

Our commitment to reliability is backed by our industry-leading service level
agreement of 99.9% availability—or you will be eligible for credits to your
subscription.

Our cloud solutions are modern and innovative and allow your teams to be
productive on any device at any time by leveraging Blackbaud SKY UX for natively
mobile experiences.

We amplify continuity of service through extensive disaster recovery policies,
regular offsite backups (performed nightly, weekly, or monthly), and redundant
architecture.

*compliance certifications and assessments may vary by product


INDUSTRY STANDARDS

Protect your organization.


DATA TRUST

Blackbaud maintains protocols and standards to help protect Customer Data,
meaning the data consisting of Customers’ confidential information, including
constituent data, contained in Blackbaud solutions. Customer Data doesn’t
include aggregated or anonymized data or data about a customer, like current or
prospective customer contact information held in our internal customer
management system. Blackbaud will only collect, process, and store Customer Data
that is necessary to fulfill contractual obligations with customers. Blackbaud
retains Customer Data throughout the full term of the contract for such
solution.

Upon cancellation of a solution, Blackbaud maintains a standard process to
remove Customer Data in accordance with industry standards. Typically, after a
customer leaves Blackbaud entirely or cancels a particular solution, Customer
Data with respect to that solution(s) is decommissioned/removed from applicable
infrastructure, and then associated backups of that Customer Data are retained
(offsite) for 6 months before being automatically purged. In some instances,
Customer Data will be maintained to comply with legal and regulatory
obligations. Blackbaud may also keep Customer Data to assist with fraud
monitoring, detection, and prevention activities and to comply with tax,
accounting, and financial reporting obligations.

Additionally, Blackbaud is required to retain certain Customer Data through
contractual commitments to financial partners, and where data retention is
mandated by the payment method(s) utilized by the customer. In all cases where
Customer Data is retained, it is done in accordance with any limitation periods
and records retention obligations that are imposed by applicable law.


QUESTIONS? CONTACT US.

Report a security concern.

To obtain a summary of the most recent third-party audit reports for our
solutions:

 * If you’ve purchased a Blackbaud solution, open a support case.
 * If you are a prospective customer, contact your sales representative.



© Copyright 2023 Blackbaud, Inc. All Rights Reserved.
