PCI Compliance Upgrade

Blackbaud has begun disabling TLS 1.0 across its solutions as of March 15, 2018 and will continue to do so until all products have been successfully deprecated by June 30, 2018. Your organization will need to take action to ensure that your Blackbaud solutions are TLS 1.1 or 1.2 compatible and your payment processing capabilities remain secure. In order for Blackbaud to assist you and confirm that you are prepared for the deprecation deadline, please complete this form by May 30, 2018.

At Blackbaud, your security is our priority. As the cloud software partner to many leading social good organizations, we have world-class security, privacy, and risk management teams that work around the clock every day to ensure that your data is safe and accessible to you.

As part of our commitment to sector-leading security and in alignment with industry best practices set forth by the Payment Card Industry (PCI) Security Standards Council, Blackbaud will begin to disable TLS (Transport Layer Security) 1.0 encryption protocol across all its solutions March 15, 2018. This will require an upgrade to a TLS 1.1 or 1.2 compatible version of our software if you host locally in your data centers or on your workstations. If you are on a Blackbaud cloud or hosted solution and receive upgrades automatically, you are always current with the latest security requirements. However, you are still responsible for keeping your operating system and browsers up to date.

If you are running an older version of a Blackbaud solution locally, your organization may need to take action to ensure that your Blackbaud solutions are TLS 1.1 or 1.2 compatible. But don’t worry! We’re giving you ample time to prepare and a wealth of resources to keep the process simple and painless.


What is TLS?

TLS stands for "Transport Layer Security." It is a protocol that provides privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today, and is used for web browsers and other applications that require data to be securely exchanged over a network. TLS ensures that a connection to a remote endpoint is the intended endpoint through encryption and endpoint identity verification. The versions of TLS to date are TLS 1.0, 1.1, and 1.2.

What is changing and why?

Blackbaud is committed to maintaining the highest security standards in our solutions to ensure that customers have access to the latest security protocols. Per PCI requirements, TLS 1.0 will be considered obsolete and put organizations at an increased security risk as of June 30, 2018. The TLS encryption protocol upgrade is a mandatory, industry-wide security update, mandated by the PCI Security Standards Council and affecting a wide range of software solutions in your environment, not just Blackbaud solutions.

How does this impact me?

Blackbaud is requiring customers to upgrade to versions of their products that support TLS 1.1 or higher by March 15, 2018. On that date, Blackbaud will begin disabling the TLS 1.0 encryption protocol in our solutions, so Blackbaud can complete development and testing prior to the PCI Council’s June 30, 2018 deadline. After March 15, 2018, customers still using TLS 1.0 will not be able to access some of their Blackbaud solutions.

I have a hosted or cloud Blackbaud solution. Does this impact me?


For customers of our cloud solutions (such as Raiser’s Edge NXT, Financial Edge NXT, Luminate CRM, eTapestry, and Altru), you are always current with the latest security requirements. We have or will soon automatically release TLS 1.1+ compatible versions of your solution and you don’t need to take steps to upgrade your software. The same is true if you are on hosted versions of Raiser’s Edge 7 or Financial Edge 7. Customers hosted on Blackbaud CRM/Blackbaud Internet Solutions where upgrade schedules are determined by customers, need to ensure that their software has been upgraded to a version that is TLS 1.1+ compatible.

However, you will need to ensure that your OS and browsers have been upgraded to support TLS 1.1+, and you need to notify your constituents of this as well. See below for the actions you need to take.

What will happen if we don’t upgrade?

After Blackbaud begins to disable TLS 1.0 on March 15, 2018, if you haven’t made the required updates, you will no longer be able to access some or all of your Blackbaud solutions and services that rely on TLS 1.0; they will fail. This will impact a number of Blackbaud solutions, including access to websites.

See examples of connectivity issues both hosted and on-premise clients will experience if they do not upgrade their OS and browser to support TLS 1.1+.

How will my donors and constituents be impacted?

If you don’t upgrade to a version of your Blackbaud solution that supports TLS 1.1 prior to the March 15, 2018 deadline, not only would you not be able to access your Blackbaud solutions, but your constituents, including donors, may not be able to access your websites and/or process donations/payments.

What action do I need to take?

Prior to March 15, 2018:

  1. Ensure that you have upgraded to TLS 1.1+ compatible Blackbaud products. See versions of Blackbaud products that support TLS 1.1+
  2. Ensure that your OS and browsers have been upgraded to support TLS 1.1+. See operating systems and browsers that support TLS 1.1+
  3. Notify your constituents to upgrade their OS and browser to TLS 1.1+ supported versions, to ensure continuity of communications and transactions. For example, donors, patrons, parents and students accessing donor pages, store fronts, community pages and online registration pages hosted within on-premise environments are susceptible to vulnerability and connectivity issues if they do not upgrade their OS and browser to support TLS 1.1+.

Blackbaud TLS Resources

We’re here to help! In our new TLS resources section you can find additional information to support you in taking the necessary steps to prevent disruption and ensure your Blackbaud solutions continue to be compliant, specifically that the payment processing capabilities in your solutions remain secure.