Finance Control and Automation Suite

BlackLine helps organisations improve their core financial reporting processes (Record to Report). These processes are often managed manually using a combination of excel, word, email and other tools such as SharePoint. BlackLine provides a cloud application to manage and optimise these processes to improve control, compliance, speed and reduce costs.


  • Financial Close Management (Closing Calendar)
  • Transaction Matching and Reconciliation (e.g. Bank Recs)
  • Balance Sheet Account Reconciliation and Substantiation
  • Intercompany Reconciliation (Clearing Netting and Settlement)
  • Journal Entry, Approval and Management
  • Financial Controls and Compliance
  • ERP Automation
  • Comprehensive Accounting and Process Metrics and Reporting
  • Gloabl Benchmarking and comparisons


  • Accounting Standardisation and Simplification
  • Enhanced Financial Control and Compliance
  • Improved Speed and Efficiency
  • Cost and/or Headcount Savings
  • Demonstrable and Auditable Accounting Integrity
  • Greater Financial Visibility and Management


£1150 to £2160 per person per year

  • Education pricing available

Service documents

G-Cloud 11



Marcus Evans


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to BlackLine is typically used to complement accounting and ERP software and is an endorsed by SAP solution. It typically sits above ERP and below Consolidation systems (SAP BPC or Oracle Hyperion) to standardise, optimise and reduce complex manual processes necessary to prepare GL, sub-ledger and bank data for financial reporting.
Cloud deployment model Private cloud
Service constraints The service requires internet access and data connectivity (e.g Secure FTP, Web services or API).
System requirements
  • Internet Access
  • Data Connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response is immediate, problem resolution depends upon the nature of the problem. Live support is available 24/7/365, including weekends.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels All support cases are categorized into four priority categories which do not incur additional cost. Our support SLAs outline case prioritization, time frames for acknowledgment, and ongoing updates.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started BlackLine's implementation team will schedule a kick-off call to discuss the specific details regarding the project plan. Clients work closely with a dedicated BlackLine implementations consultant from the initial kick-off meeting to the "go-live" date. BlackLine standardizes their implementation strategy and uses a "train-the-trainer" approach to ensure the client team is capable of maintaining and accessing the application even after completion. The implementation package also includes data import templates, project timeline, online help (+500 pages of interactive documents), and a quick-start user guide. BlackLine offers role-based training through BlackLine U, our learning management system. Provided at no additional charge, this online training portal provides 24x7 access to a variety of training resources, including a topic-driven eLearning library for self-paced study and downloadable Quick Reference Guides.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Clients can export nearly all data and supporting documents in the BlackLine solution at any time. When a client cancels their subscription to BlackLine, all data will be deleted in a secure, DOD-compliant manner within 30 days.
End-of-contract process Should the client seek to either terminate or downgrade their use of the BlackLine Finance Controls and Automation Suite, the client may request a backup of their document repository with all files in their original format. All reconciliations, account information, transactions, variance analyses, and journal entry information in BlackLine will be provided back in a flat-file database format. There is no additional charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service BlackLine can be accessed via any device which supports a web browser and internet access. Additionally, BlackLine offers a limited-functionality mobile application for the iOS and Android platforms which serves as an alternative front end to the web product.
What users can and can't do using the API Public API and web services support is an important element of our product development roadmap and strategy. We have already released web-services-based journals functionality, which enables real-time validations and postings. This approach leverages REST (Representational State Transfer) technology to communicate between BlackLine and the ERP system(s) and triggers the immediate handling of the transferred files. We have also released APIs for our Task Management module and for reporting. In the future, we will be building on this foundation to expand our API and web services offerings.
API documentation No
API sandbox or test environment Yes
Customisation available No


Independence of resources The BlackLine application is a multi-tier application and fully scalable, utilizing multiple database servers, web servers, and servers running various web services. Load balancing is utilized to maximize performance.There is no limit to the number of concurrent users, accounts, and transactions being processed. One client has over 4,000 users, 100,000+ monthly reconciliations and another runs hundreds of millions of records through the tool each year, all without any performance issues.


Service usage metrics Yes
Metrics types Service availability and other performance metrics are available on demand at


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reconciliations anddata grids in the BlackLine solution can be exported to Excel. Our standard reports can be printed or extracted to Word, Rich Text, RPT, Excel, CSV, and PDF formats. Enhanced Reporting allows for Web (text), Excel (XLS), PDF and CSV.
Data export formats
  • CSV
  • Other
Other data export formats Attachments are exported in their original formats (PDF, XLS, etc.)
Data import formats
  • CSV
  • Other
Other data import formats
  • BAI , CSV, SWIFT, and TXT.
  • Supporting documents may be uploaded in any format.

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Client data is encrypted in transit using HTTPS and TLS technologies. BlackLine's hosted product requires, at a minimum, 128-bit TLS ciphers and 2048-bit key encryption for all web communications and data transfers.

Clients may also implement IP address restrictions. Acceptable IP address ranges are supplied by the client and can be updated in an ongoing basis via a support ticket. All restrictions are based upon IP addresses , and users outside of acceptable IP addresses /ranges will be treated as if the BlackLine instance URL does not exist.
Data protection within supplier network Other
Other protection within supplier network Data at rest is encrypted using self-encrypting drives (for databases) and Vormetric appliances (for all storage except databases). Data at rest encryption uses AES-256 crypto algorithm . BlackLine uses firewalls, IDS, and log-management tools to monitor and maintain a secure environment.All traffic, regardless of direction, must pass through BlackLine's firewalls. Since the firewall serves as a choke point for traffic between security domains, it is ideally situated to inspect and block traffic and coordinate activities with Network Intrusion Detection Systems (IDS).

Availability and resilience

Availability and resilience
Guaranteed availability As specified in BlackLine's Master Subscription Agreement (MSA), BlackLine's SLA is as follows: "The Hosted Service will be available 100% of the time, except for: (i) Scheduled Maintenance; (ii) Emergency Maintenance; and (iii) any Force Majeure Event. Downtime is measured from the time you open a trouble ticket. Upon receiving a report of Downtime, for each full hour of Downtime, BlackLine will credit you two percent (2%) of your monthly fee, up to fifty percent (50%) of your monthly fee for the affected Hosted Service. You agree that the credit specified in this Appendix will be your sole and exclusive remedy for any Downtime."
Approach to resilience All customer data is stored in databases on carrier-grade encrypted redundant disk storage. Redundant array of independent disks (RAID) and multiple data paths are used to ensure high availability. All customer data is automatically replicated to separate encrypted disk storage at our secure DR site. In addition, daily backup integrity is verified, and encrypted backups are moved to a secure offsite location. BlackLine has strategically implemented high availability throughout its environment to prevent single points of failure and to maximize uptime. To achieve this BlackLine has deployed redundant (N+1) devices for all network switches, firewalls, load balancers, storage arrays, physical servers and database servers.
Outage reporting Clients may view the current application status and other key metrics online at

Upcoming maintenance and any planned outages are reported via BlackLine's support portal and by email.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels By audited policy, BlackLine does not access client instances unless requested to by that client for implementation or troubleshooting. Only BlackLine employees with need to know access rights due to job responsibilities have access to operating systems, databases and networks. All internal access is granted through a formal approval process. As a general rule, permissions are given according to a least privileges principle and all access is closely controlled. System logs monitor administrative level and user level access. Logs are reviewed monthly.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 6 months and 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 12/10/2016
What the ISO/IEC 27001 doesn’t cover Items outside the certification scope of ISO 27001:2013.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes BlackLine's Chief Security Officer and InfoSec team are responsible for managing and updating security policies throughout BlackLine. Our information security policies provide protection of information assets from unauthorized modification, destruction and disclosure, and adherence to the Information Security Program, by following the standards and guidelines, is a key responsibility of all BlackLine employees. The Information Security Policy is distributed to all BlackLine employees. Violations to this policy are brought to the attention of Senior Management, which determines the appropriate response.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach BlackLine has a strict change control process in place which impacts development, support and implementations. This security is necessary to comply with our SSAE16, ISAE3402, AT Section 101 standards, and Systrust/Webtrust principles. BlackLine has established a Change Management Board (CMB) to review all SDLC related changes. The CMB is comprised of Senior Management representing software development, operations, support, QA, and IT as appreciated for the topics to be discussed. BlackLine employs change management techniques that allow it to track and approve all application changes. These changes are tracked and available to our customers for all new releases.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach BlackLine performs application vulnerability and penetration testing on an ongoing basis. Vulnerability scans and penetration tests are performed on all internet facing applications and systems before they go into production. We also undergo annual penetration tests conducted by qualified third parties. If any vulnerabilities are identified, they are prioritized and fixed as soon as possible (usually within the following month). BlackLine follows vendor patch cycles, and our support team takes full responsibility for ensuring that the systems in your environment have the latest security patches and service pack hot-fixes.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach BlackLine uses about a dozen tools for real-time health, performance, and security monitoring for hardware, servers, and applications. The tools are managed by production operations, NOC, and InfoSec teams. BlackLine uses logging tools to collect, correlate, and alert on security events, and alerts are responded to 24x7 by BlackLine's InfoSec and production operations teams.When a security incident is observed (by a tool or an individual), it is responded to accordingly. Critical incidents are immediately escalated to the C-level, if necessary.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach BlackLine has a formal incident response procedure in place. In the event of a security breach, BlackLine will notify the primary account contact via email. BlackLine will explain the incident and then work with the client to remediate the incident . Depending on the type of incident , client will be working with individuals at BlackLine which are designated to be involved, using procedures applicable for each class of incident .

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1150 to £2160 per person per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑