OUR COMMITMENT TO SECURITY

Your Trust is Our Top Concern

At the heart of Aptori lies a steadfast commitment to security. We prioritize your trust above all else, employing state-of-the-art security measures and frequent audits to keep you safe. Aptori is SOC 2 Type II Compliant.
Our security protocols are rigorously tested to meet the standards of SOC 2, making security an integral part of our organizational DNA.

*No credit card required
YOUR SECURITY IS PARAMOUNT

SOC 2 Type II Compliance

In order to maintain a secure environment, Aptori has achieved SOC II compliance without exceptions.

Robust Infrastructure

At Aptori, all data is securely stored. We utilize Amazon Web Services (AWS) and Google Cloud Platform (GCP)  secured servers and encrypt stored data with an industry standard, one-way salted hash. Data is protected in transit using Transport Layer Security (TLS), ensuring that your information remains secure if hosts are compromised. Our physical locations have multiple secure access points that require proper credentials to enter. All employees must undergo data security training in order to gain and maintain network access. Endpoints are hardened by a Web Application Firewall (WAF). This increases resistance to common exploits that could interrupt application availability.

Security Monitoring

We have established secure processes with constant oversight across Aptoris’ digital and physical infrastructure. We monitor our networks for unusual system activity, authorized and unauthorized system configuration changes, and user privileges. Our security team is alerted about any anomalous activity so it can be immediately authenticated or contained and remediated. Alongside our technological precautions, every employee is required to take and pass a digital security and hygiene course on a yearly basis as well as maintain standards in line with current guidelines as recommended by the digital security community.

Confidentiality & Privacy

We abide by AICPA’s generally accepted privacy principles (GAPP), and have numerous controls in place to protect Personal Identifiable Information (PII). All collected information is anonymized unless otherwise stated. All data processing is complete, accurate, timed, and authorized. We only collect data that pertains to the development of the Aptori products. All our employees have signed Non-Disclosure Agreements regarding our proprietary technology and the data of our clients. All collected data is treated as critical and measures are in place to protect it against unauthorized loss, misuse, and alteration.
ENSURING YOUR DATA'S SAFETY

Our Ongoing Security Pledge

At Aptori, we understand that the security of your data is paramount. That's why we are committed to maintaining the highest standards of information security, data protection, and privacy. Our comprehensive approach to security is not a one-time effort but an ongoing pledge to safeguard your data and maintain your trust.

Secure Software Development & Deployment

Aptori code and cloud services are continuously tested using security scanners for SAST, DAST, SCA, Container, IAC, and API Security.

Team Training

Our staff is skilled and well-educated in security best practices, undergoing mandatory training that covers secure coding, phishing awareness, and secure password management.

External Evaluations

We conduct frequent third-party penetration tests to validate the resilience of our security measures, and Aptori is subject to periodic third-party reviews to verify the effectiveness of our security controls.

Clearly Defined Roles

We have a well-articulated structure for roles and responsibilities concerning information security and customer data protection.

Comprehensive Security Strategy

Our organization-wide security program aligns with ISO 27001 and SOC 2 guidelines and is communicated across all levels.

Real-Time Monitoring

We constantly monitor our security and compliance metrics to prevent any lapses.

Identified a Possible Security Vulnerability?

If you've discovered a potential vulnerability, we kindly ask you to inform us so we can address it promptly.