Technical and Operational Measures
Apptega may update or modify these Technical and Organizational Measures from time to time, provided such updates and modifications will not result in a degradation of the overall security of the Services during the term of the Agreement.
1. Data Center.
Infrastructure. Apptega stores all production data in physically secure data centers operated by Amazon Web Services (“AWS”). AWS maintains several compliance certifications covering their operations. These can be viewed at https://aws.amazon.com/compliance/programs/.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Most Services are designed to allow Apptega to perform certain types of preventative and corrective maintenance without interruption. Preventative and corrective maintenance of the Services is scheduled through a standard change process according to documented procedures.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations.
Server Operating Systems. Certain Apptega servers use a Linux-based implementation customized for the application environment.
Business Continuity. Apptega replicates data over multiple systems to help protect against accidental destruction or loss. Apptega has created business continuity planning and disaster recovery programs.
2. Networks & Transmission.
Data Transmission. Data centers are typically connected via virtual private networks. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer. Apptega transfers data via Internet standard protocols.
External Attack Surface. Apptega employs multiple layers to protect its external attack surface. Apptega considers potential attack vectors and incorporates appropriate purpose-built technologies into external-facing systems.
Encryption Technologies. Apptega makes HTTPS encryption (also referred to as an SSL or TLS connection) available using a minimum of TLS 1.2.
3. Access Controls.
Infrastructure Security Personnel. Apptega has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Apptega’s operations personnel are responsible for the ongoing monitoring of Apptega’s security, the review of the Services, and responding to incidents.
Access Control and Privilege Management. Administrators must authenticate themselves in order to administer the Services.
Internal Data Access Processes and Policies. Access Policy. Apptega’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Apptega designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Apptega requires the use of unique user IDs, strong passwords, two-factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; the job duty requirements necessary to perform authorized tasks; and a need-to-know basis. The granting or modification of access rights must also be in accordance with Apptega’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication, password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength.
4. Data Storage and Isolation.
Apptega stores data in a multi-tenant environment. Apptega logically isolates the Controller’s data, and the Controller will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable the Controller to determine the product sharing settings applicable to end users for specific purposes.
5. Personnel Security.
Apptega personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Apptega conducts reasonably appropriate background checks on all employees. Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Apptega’s confidentiality and privacy policies. Personnel are provided with security training. Apptega’s personnel will not process Customer data without written authorization.
6. Security by Design.
Apptega’s platform and software code have been designed with the security of our customers’ data in mind. Apptega employs a code review process to increase the security of the code used to provide the Services and to enhance the security posture in production environments.
7. Subprocessors.
Prior to onboarding Subprocessors, Apptega conducts a review of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Apptega has assessed the risks presented by the Subprocessor, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms. A list of current subprocessors can be found at: https://www.apptega.com/en-us/compliance/sub-processors.
8. Vulnerability Management.
Apptega conducts regular assessments on critical systems with the intent of finding system and application vulnerabilities.
9. Breach Detection and Response.
Apptega uses a managed solution for safeguarding applications running on our platform and a threat detection service that continuously monitors for malicious activity and unauthorized behavior. Apptega also logs access requests and usage of the platform to further facilitate security incident monitoring and response. In the event that a security incident is detected, Apptega will act promptly to identify, contain, mitigate, and remediate the incident. All constituents will be promptly notified in accordance with law and applicable agreement(s).
10. Audit.
Apptega maintains a SOC 2-based information security management system with controls that are audited internally and externally on a regular basis.
Last updated: 07/01/2023