Learn

Check out BlackLine's Privacy Resource Center under the tab above labeled "Privacy" where you can learn more about BlackLine's approach to privacy and review BlackLine's Subprocessor list.

Best Practices

BlackLine is committed to ensuring our customers are accessing their applications securely. Given the ever-evolving security threats present, we recommend you take certain precautions to help protect your organization from unauthorized access.

IP Allow-List
An IP allow-list restricts access to designated IP addresses, so that users who are not connecting via the corporate LAN or VPN do not have access. By using an IP allow-list, administrators can identify the range of accepted IP addresses that should have access to BlackLine. Users attempting to access BlackLine from an address outside that range will not be granted access.

Strengthen Password Policies
An effective way to protect your company is to strengthen password policies. You may do this by visiting the Security Settings page in the application.

Physical Security

Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:

Access control and physical security

  • 24-hour manned security, including foot patrols and perimeter inspections

  • Computing equipment in access-controlled steel cages

  • Video surveillance throughout facility and perimeter

  • Building engineered for local seismic, storm, and flood risks

  • Tracking of asset removal

  • Secure, On-Campus Network Operations Center to Monitor Building Management System


Environmental controls

  • Entire HVAC plant (chillers, compressors, heat exchangers, and distribution systems) monitored for all environmental operating parameters by a Building Management System

  • Redundant N+2 HVAC cooling system with 100% Service Level Agreement


Power

  • Underground utility power feed

  • Redundant (N+2) CPS/UPS systems

  • Redundant power distribution units (PDUs)

  • Diesel generators with on-site diesel fuel storage

Network

  • Redundant internal networks

  • Network neutral; connects to all major carriers and located near major Internet hubs

  • High bandwidth capacity


Fire detection and suppression

  • State-of-the-art fire detection and suppression systems using the latest advances in pre-action water

Protection


Secure transmission and sessions

  • Connection to the BlackLine OnDemand environment is via TLS cryptographic protocols ensuring that our users have a secure encrypted connection


Network protection

  • Perimeter firewalls and edge routers block unused protocols

  • Internal firewalls segregate traffic between the application and database tiers

  • Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports

  • A third-party service provider periodically scans the network externally and alerts on changes in baseline configuration


Disaster Recovery

  • The BlackLine OnDemand service performs a near real-time data replication between the production data center and the disaster recovery center

  • Data is transmitted across an encrypted tunnel


Backups

  • All data is backed up at each data center on a daily basis.



Internal and Third-party testing and assessments

  • BlackLine tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability assessments

  • Network vulnerability assessments

  • Penetration testing and code review

  • Security control framework


Security Monitoring

  • Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.

Compliance

As part of our commitment to maintaining a world-class security infrastructure, we validate the effectiveness of our information security controls by periodically attesting against internationally recognized auditing standards - SSAE 18 / ISAE 3402 SOC 1 - Type 2 and SSAE 18 / ISAE 3000 [Revised] SOC 2 - Type 2, and certifying against internationally recognized security standards - ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO/IEC 27701. Our world-class controls and safeguards translate to unsurpassed security and privacy for our customers' information.


SOC 1 Type 2 Report
A SOC 1 Type 2 report is an attestation report issued by independent auditors in accordance with Statements on Standards of Attestation Engagements (SSAE) No. 18 on whether the controls at a service organization relevant to user entities' internal controls over financial reporting are designed appropriately and are operating effectively throughout a period of time. For further information please visit: https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc1report.html


SOC 2 Type 2 Report
A SOC 2 Type 2 report is an attestation report issued by independent auditors on whether the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems (Trust Services Criteria) are designed appropriately and are operating effectively throughout a period of time. BlackLine's SOC 2 Type 2 report covers the Security, Availability, and Confidentiality Trust Services Criteria. For further information please visit: https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html


SOC 3 Report
A SOC 3 report is an attestation report issued by independent auditors that provides a summary on whether the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems (Trust Services Criteria) are designed appropriately and are operating effectively throughout a period of time. BlackLine's SOC 3 report covers the Security, Availability, and Confidentiality Trust Services Criteria. This is a general use report that can be freely distributed, and it does not contain the auditor's test of controls or results. For further information please visit: https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc3report.html



ISO 27001 Certification
An ISO 27001 certification is issued to organizations that have attested to establishing, implementing, maintaining, and continually improving an information security management system in accordance with the International Standard ISO/IEC 27001. For further information please visit: https://www.iso.org/standard/54534.html


ISO 27017 Certification
An ISO 27017 certification is issued to organizations that have attested to establishing and implementing information security controls to address cloud-specific information security threats and risks as a cloud service customer and a cloud service provider in accordance with the International Standard ISO/IEC 27017. For further information please visit: https://www.iso.org/standard/43757.html


ISO 27018 Certification
An ISO 27018 certification is issued to organizations that have attested to implementing measures to protect PII (Personally Identifiable Information) in public cloud computing environments that provide information processing services as PII processors via cloud computing under contract to other organizations in accordance with the International Standard ISO/IEC 27018. For further information please visit: https://www.iso.org/standard/76559.html


ISO 27701 Certification
An ISO 27701 certification is issued to organizations that have attested to establishing, implementing, maintaining, and continually improving a privacy information management system as a PII (Personally Identifiable Information) controller and/or processor in accordance with the International Standard ISO/IEC 27701. For further information please visit: https://www.iso.org/standard/71670.html. For information about BlackLine's privacy program please see our Trust Privacy page.




Obtaining BlackLine SOC Reports and ISO Certifications
The most recent SOC reports and ISO certifications listed above for the BlackLine Financial Controls and Automation Platform and BlackLine Cash Application are available self-serve for customers in the BlackLine Community. BlackLine prospects can request a copy of the most recent SOC reports and ISO certifications listed above for the BlackLine Financial Controls and Automation Platform and BlackLine Cash Application through their sales representative.


Datacenters and Hosting Environments
BlackLine partners with top-tier datacenters and hosting environments that are SOC 2 Type 2 attested and ISO 27001 certified to ensure the availability and security of our service and to protect clients' data from theft, corruption, or mishandling.