BlackLine Home page BlackLine home page
Solutions
Solutions
Financial Close Management
Financial Close Management
Overview
Overview
Account Reconciliations
Account Reconciliations
Task Management
Task Management
Transaction Matching
Transaction Matching
Journal Entry
Journal Entry
Financial Reporting Analytics
Financial Reporting Analytics
Variance Analysis
Variance Analysis
Smart Close for SAP
Smart Close for SAP
Accounts Receivable Automation
Accounts Receivable Automation
Overview
Overview
eInvoicing & Payments
eInvoicing & Payments
Cash Application
Cash Application
AR Intelligence
AR Intelligence
Collections Management
Collections Management
Credit & Risk Management
Credit & Risk Management
Team & Task Management
Team & Task Management
Disputes & Deductions
Disputes & Deductions
Intercompany Financial Management
Intercompany Financial Management
Overview
Overview
Intercompany Create
Intercompany Create
Intercompany Balance & Resolve
Intercompany Balance & Resolve
Intercompany Net & Settle
Intercompany Net & Settle
By Organization Size
By Organization Size
Midsize Organizations
Midsize Organizations
Large Enterprises
Large Enterprises
By Industry
By Industry
Banking & Financial Services
Banking & Financial Services
Consumer Products & Services
Consumer Products & Services
Energy & Raw Materials
Energy & Raw Materials
Healthcare & Life Sciences
Healthcare & Life Sciences
Manufacturing
Manufacturing
Retail
Retail
Technology, Media & Communications
Technology, Media & Communications
See All Industries
By ERP
By ERP
SAP
SAP
Oracle
Oracle
Oracle NetSuite
Oracle NetSuite
Microsoft Dynamics
Microsoft Dynamics
See All ERPs
By Topic
By Topic
Environmental, Social, and Governance
Environmental, Social, and Governance
Recruiting & Retaining Top Talent
Recruiting & Retaining Top Talent
Enabling an ERP Transformation
Enabling an ERP Transformation
CFO & CIO Collaboration
CFO & CIO Collaboration
F&A Transformation
F&A Transformation
IPO Readiness
IPO Readiness
Mergers & Acquisitions
Mergers & Acquisitions
Revenue Cycle Optimization
Revenue Cycle Optimization
Regulatory Compliance
Regulatory Compliance
Customers
Customers
Customer Success
Success Stories
Success Stories
Community
Community
Services
Services
Overview
Overview
Professional Services
Professional Services
Training & Education
Training & Education
Customer Success
Customer Success
Transformation Services
Transformation Services
Global Support
Global Support
Resources
Resources
Events
Events
Upcoming Webinars
Upcoming Webinars
On-Demand Webinars
On-Demand Webinars
White Papers
White Papers
Blog
Blog
Accounting Glossary
Accounting Glossary
Developer Portal
Developer Portal
About
About
Company
Company
About BlackLine
About BlackLine
Leadership
Leadership
Diversity, Equity & Inclusion
Diversity, Equity & Inclusion
Environmental, Social & Governance
Environmental, Social & Governance
In the News
In the News
Press Releases
Press Releases
Investors
Investors
Awards & Recognition
Awards & Recognition
Careers
Careers
Partners
Partners
Overview
Overview
Business Process Outsourcers
Business Process Outsourcers
Consulting Alliances
Consulting Alliances
Software & Cloud Partners
Software & Cloud Partners
Solution Provider Partners
Solution Provider Partners
SAP
SAP

Security

BlackLine is committed to notifying you of security vulnerabilities affecting you or our platform. We will publish security advisories here.

BlackLine will never ask you for your password. Do not give out your user credentials or login information to anyone. If you have any issues with your password or logging into your application, you may reset your password from the login page, or contact your BlackLine System Admin. If you are still having trouble accessing your BlackLine instance, contact Support. If you suspect a security threat or vulnerability, please submit a report to our Information Security team at security@blackline.com.

Compliance

As part of our commitment to maintaining a world-class security infrastructure, we validate the effectiveness of our information security controls by periodically attesting against internationally recognized auditing standards - SSAE 18 / ISAE 3402 SOC 1 - Type 2 and SSAE 18 / ISAE 3000 [Revised] SOC 2 - Type 2, and certifying against internationally recognized security standards - ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO/IEC 27701. Our world-class controls and safeguards translate to unsurpassed security and privacy for our customers' information.

SOC 1 Type 2 Report

A SOC 1 Type 2 report is an attestation report issued by independentauditors in accordance with Statements on Standards of Attestation Engagements (SSAE) No. 18 on whether the controls at a service organization relevant to user entities' internal controls over financial reporting are designed appropriately and are operating effectively throughout a period of time. For further information please visit:

https://us.aicpa.org/

SOC 2 Type 2 Report

A SOC 2 Type 2 report is an attestation report issued by independentauditors on whether the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems (Trust Services Criteria) are designed appropriately and are operating effectively throughout a period of time. BlackLine's SOC 2 Type 2 report covers the Security, Availability, and Confidentiality Trust Services Criteria. For further information please visit:


https://us.aicpa.org/

SOC 3 Report

A SOC 3 report is an attestation report issued by independentauditors that provides a summary on whether the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems (Trust Services Criteria) are designed appropriately and are operating effectively throughout a period of time. BlackLine's SOC 3 report covers the Security, Availability, and Confidentiality Trust Services Criteria. This is a general use report that can be freely distributed, and it does not contain the auditor's test of controls or results. For further information please visit:

https://us.aicpa.org/

ISO 27001 Certification

An ISO 27001 certification is issued to organizations that have attested to establishing, implementing, maintaining, and continually improving an information security management system in accordance with the International Standard ISO/IEC 27001. For further information please visit:


https://www.iso.org/

ISO 27017 Certification

An ISO 27017 certification is issued to organizations that have attested to establishing and implementing information security controls to address cloud-specific information security threats and risks as a cloud service customer and a cloud service provider in accordance with the International Standard ISO/IEC 27017. For further information please visit:

https://www.iso.org/

ISO 27018 Certification

An ISO 27018 certification is issued to organizations that have attested to implementing measures to protect PII (Personally Identifiable Information) in public cloud computing environments that provide information processing services as PII processors via cloud computing under contract to other organizations in accordance with the International Standard ISO/IEC 27018. For further information please visit:

https://www.iso.org/

ISO 27701 Certification

An ISO 27701 certification is issued to organizations that have attested to establishing, implementing, maintaining, and continually improving a privacy information management system as a PII (Personally Identifiable Information) controller and/or processor in accordance with the International Standard ISO/IEC 27701. For further information please visit:

https://www.iso.org/

For information about BlackLine's privacy program please see our Privacy Center page.

Obtaining BlackLine SOC Reports and ISO Certifications

The most recent SOC reports and ISO certifications listed above for the BlackLine Financial Controls and Automation Platform and BlackLine Cash Application are available self-serve for customers in the BlackLine Community.BlackLine Prospects can request a copy of the most recent SOC reports and ISO certifications listed above for the BlackLine Financial Controls and Automation Platform and BlackLine Cash Application through their sales representative.

Datacenters and Hosting Environments

BlackLine partners with top tier datacenters and hosting environments that are SOC 2 Type 2 attested and ISO 27001 certified to ensure the availability and security of our service and to protect client's data from theft, corruption, or mishandling.

Best Practices

BlackLine is committed to ensuring our customers are accessing their applications securely. Given the ever evolving security threats present, we recommend you take certain precautions to help protect your organization from unauthorized access.

IP Allow-List
IP Allow-list from designated IP addresses will limit users who do not have access, via the corporate LAN or VPN. By using IP Allow-list, administrators can identify the range of accepted IP Addresses that should have access to BlackLine. Users attempting to access BlackLine who are not part of the range of IP Addresses will not be granted access.

Strengthen Password Policies
An effective way to protect your company is to strengthen password policies. You may do this by visiting the Security Settings page in the application.

Physical Security

Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:

Access control and physical security

  • 24-hour manned security, including foot patrols and perimeter inspections

  • Computing equipment in access-controlled steel cages

  • Video surveillance throughout facility and perimeter

  • Building engineered for local seismic, storm, and flood risks

  • Tracking of asset removal

  • Secure, On-Campus Network Operations Center to Monitor Building Management System


Environmental controls

  • Entire HVAC plant—chillers, compressors, heat exchangers, and distribution systems — monitored for all environmental operating parameters by a Building Management System

  • Redundant N+2 HVAC cooling system with 100% Service Level Agreement


Power

  • Underground utility power feed

  • Redundant (N+2) CPS/UPS systems

  • Redundant power distribution units (PDUs)

  • Diesel generators with on-site diesel fuel storage


Network

  • Redundant internal networks

  • Network neutral; connects to all major carriers and located near major Internet hubs

  • High bandwidth capacity


Fire detection and suppression

  • State-of-the-art fire detection and suppression systems using the latest advances in pre-action water

Protection

Secure transmission and sessions

  • Connection to the BlackLine OnDemand environment is via TLS cryptographic protocols ensuring that our users have a secure encrypted connection


Network protection

  • Perimeter firewalls and edge routers block unused protocols

  • Internal firewalls segregate traffic between the application and database tiers

  • Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports

  • A third-party service provider periodically scans the network externally and alerts changes in baseline configuration


Disaster Recovery

  • The BlackLine OnDemand service performs a near real-time data replication between the production data center and the disaster recovery center

  • Data is transmitted across an encrypted tunnel


Backups

  • All data is backed up at each data center on a daily basis.


Internal and Third-party testing and assessments

  • BlackLine tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability assessments

  • Network vulnerability assessments

  • Penetration testing and code review

  • Security control framework


Security Monitoring

  • Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.