How is user authentication and access control managed in your system?
Authentication and access control in Coda are managed through several methods: Single Sign-On (SSO) with SAML 2.0; Sign-in with Google, Microsoft, and Apple; magic links; and basic authentication with 2-factor. Enterprises can set custom session durations and authentication policies, and can provision and de-provision users and groups through SCIM (System for Cross-domain Identity Management). Role-based access controls are implemented on workspaces, organizations, docs, folders, and Packs, allowing fine-grained control over permissions. Enterprises can simplify permission management by leveraging SCIM groups and Google Groups, and can set advanced sharing policies for forms, docs, and Packs.
What measures do you have in place to protect against unauthorized access and data breaches?
Coda implements measures such as Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), Just-in-Time (JIT) access grants, Network Security best practices, and encryption to protect against unauthorized access and data breaches.
How is data encrypted in transit and at rest?
Data transmitted between customers and Coda’s service is protected using TLSv1.2 or higher. Data at rest is encrypted using the AES-256 symmetric encryption algorithm.
What is your incident response plan in case of a security breach?
Coda has implemented policies and procedures for responding to security incidents. The incident response plan identifies the types of events that trigger the incident response process, categorizes them by severity, and provides procedures for managing them. Incident response procedures are regularly tested and are updated annually.
Can you provide documentation of your security audits and compliance certifications?
Coda has obtained SOC 2 Type 2 attestation from third-party auditors. Coda is in full compliance with the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Additionally, Coda is currently in the process of obtaining ISO 27001/27017/27018 certification.
How are third-party integrations and APIs secured?
Coda provides advanced security controls for third-party integrations and APIs. Enterprises have full control over what data can be brought into Coda, who can bring it in, and who can access it. By employing Pack controls, teams can ensure that only authorized individuals are allowed to access that data within Coda docs.
Do you have a disaster recovery plan in place?
Yes, Coda tests disaster recovery procedures at least once a year.
How is data backup and recovery managed?
Coda keeps deleted documents in its primary storage systems for 7 days to allow accidental deletions to be reversed. After 7 days, deleted documents are permanently removed from primary storage but are retained in backups for 35 days. Once this retention period is over, the customer data is no longer present in backups.
Where is Coda hosted?
Coda is hosted on Amazon Web Services (AWS) and relies on AWS for the physical security of the data centers where Coda services are hosted.
Do you have ISO 27001 certification?
Coda is currently in the process of obtaining ISO 27001/27017/27018 certification.
What is the RPO (Recovery Point Objective) SLA?
I do not know.