By moving Conga Contracts to Amazon Web Services, Conga can focus on improving our core applications and increase our pace of innovation. AWS offers a rich selection of components that Conga can leverage to accelerate product development.

Other benefits include:

• Consistent User Experience: This change will create a consistent and reliable user experience to meet the performance demands of our customer base.
• Enhanced Security: AWS provides next generation security tools and threat intelligence that will enhance our security stance.
• Improved Integration: Migrating Conga Contracts to AWS will create a common hosting environment with our other products that will improve integration across the Digital Document Transformation Suite.
• Increased Global Support: The AWS Cloud provides access to a global network of region locations that will improve access to support worldwide.

• North America Conga Contracts customers who signed with Conga prior to August 27, 2018 are affected and should have already received legal notice.
• Customers who implemented after this date ARE NOT affected as they were provisioned with AWS.

How will this affect my Conga Contracts instance and experience?

The Conga Contracts application will not be affected by this change. You will see a more consistent and reliable user experience after the migration.

This communication is the first step in our plan for migration. We have planned a phased migration which will begin in November 2018.

The URL to login to Conga Contracts is still the same but some of the IP addresses we recently communicated to you will need to be updated.

Action items:

If you are unable to see the login page, it is important that you ask your IT Team to add the following IPs to your egress whitelist for uninterrupted access to Conga Contracts.

• 75.2.100.76
• 99.83.181.93

If your organization has strict firewalls and you were already whitelisting Conga Contracts, please ask your IT team to update their whitelist to the following ingress IPs.

• 44.226.4.87
• 34.218.25.184
• 44.226.251.241

Our Conga Contracts customers who are currently whitelisting email sources will need to preferably remove email whitelisting or, if that is not possible, update their current whitelisting process to allow emails from Amazon SES.

See https://aws.amazon.com/blogs/messaging-and-targeting/amazon-ses-ip-addresses/ for up-to-date instructions to discover those ip addresses.

If you have any questions, please reach out to support@conga.com.

We will move all data to Amazon Web Services. After migration is completed, the data in the current data centers will be deleted.

Both production and disaster recovery data will be held in AWS data centers in either the U.S. or Europe, depending on the location of your data today.

The migration will have a minor impact on customers based on the complexity of each individual customers’ system. We will work with each customer to minimize any downtime.

We will work with AWS for backup and destruction of data while meeting the needs of our customer’s data retention and compliance requirements. The shift to AWS will provide additional benefits for data backup, retention, and recovery operations including reliability, availability, scalability, flexibility, compliance, and security. To learn about how Conga is backing up to the AWS Cloud, click here.

• An updated security datasheet is available here.
• Conga Contracts SOC 2 Type II audit period is from February 1, 2018, through January 31, 2019. The next report is scheduled to be available in February 2019. The 2019 report will include the AWS specific components of the service. It is important to note that Conga has maintained other services within AWS for a number of years. The core functionality, policies, and processes will be nearly identical to these existing services. If you would like to review an audit report for one of these services to understand specific AWS controls, we can provide a report upon request. Additionally, we can coordinate the delivery of the AWS SOC 2 Type II and/or ISO 27001 certification, which is also available immediately to any AWS customer via “Compliance Reports” within the AWS console.

The transition to AWS will not reduce any existing security controls, policies, or core processes covered by historical audits or previously completed customer assessments. The following are high level enhancements to Conga’s security provisions that support our commitment to providing secure services to meet and adapt to the demands of evolving threats.

• Enhanced Encryption - Moving from disk-level encryption to separate file and database level encryption utilizing AES-256.
• Improved Recovery Time Objective (RTO) & Recovery Point Objective (RPO) -RTO improved from 24 hours to 2 hours and RPO from 2 hours to 1 hour.
• Agile Security - An environment which provides the ability to protect against more threats faster and adopt emerging security technology standards at a quicker pace. With the recent release of TLS 1.3, for example, implementation and support for customers will take place more quickly and easily. Agile security provides for seamless scaling of security protections as the services expand for load or new regional services.
• Enhanced Monitoring & Protection - This is a next generation suite of tools which allows for further centralized visibility, incident mitigation, and reporting on the entire environment. It includes improved intrusion detection and prevention, anti-malware, file integrity monitoring, configuration auditing, and log monitoring.
• Enhanced Threat Defence Intelligence - This is an integration with leading providers of over 1,000+ global security experts who monitor global threat activity 24/7 and provide updated signatures and alerting to systems in near real time.
• Improved Physical Security - We leverage Amazon’s best in class data center controls and processes to enhance the security and redundancy of environmental controls of the processing environments. Amazon data centers undergo continuous audits against a multitude of stringent compliance frameworks.

It does not affect on-premises customers.

• Yes, this migration will impact all API integrations, including custom integrations.
• We will work with individual customers on a case-by-case basis to help assist in the process of updating your API calls with the new endpoint connections.
• There is no action required at this point in time. However, once your new URL is ready, we will provide you with instructions on how to update your API calls.

No customer will be asked to move to Salesforce. You will still be able to access the Conga Contracts solution as you do today.

• We will host a live, in-person webinar on August 30, 2018 at 2:00 p.m. ET to walk through these details and answer your questions. Please register for the webinar here.
• We also recommend reviewing the Amazon Web Services security whitepaper to learn more about AWS’s physical and operational security processes.
• If you have any additional questions, please feel free to reach out to your account manager or contact us at ContractsNotifications@getconga.com.

• All customers who signed with Conga prior to August 27, 2018 received notification about this change.
• Customers who signed after August 27, 2018 were provisioned on AWS.