Service Listing

Introducing Apromore 10.1 + Compliance Center: Read the press release here

X

 

Security is always at the core of our development. We strive to meet the highest standards while giving you the flexibility to choose between several options, to meet your corporate security requirements. Our key security features are listed below. If you require more information, please reach out.

Compliance with Industry Standards

We are continuously monitoring our compliance with industry standards. We are ISO 27001 certified and our security controls are compliant with SOC 2 Type 1 and Type 2 standards.

Compliance with Industry Standards

Hosting

We use Amazon Web Services (AWS). Your individual virtual instance is hosted in an AWS data center close to you (Ohio for AMER customers, Australia for APAC customers and Ireland for EMEA customers) under a Virtual Private Cloud.

Hosting

Data Encryption

All your data is encrypted in transit (HTTPS TLS 1.2 or above) and at rest (AES-256). Decryption of your data will never occur other than as a part of the automated on-the-fly decryption to provide access to Apromore to authorized users, or for troubleshooting purposes with your written consent.

Data Encryption

Authentication & Access Control

We provide password-protected access with two-factor authentication and integration with your identity management system (Single Sign-On via SAML, OpenID Connect or LDAP). To reduce the risk of unauthorized access, we can also restrict access to a range of whitelisted IP addresses.

Authentication & Access Control

Deep Security

Access to Apromore is additionally secured by enforcing Web application firewall rules (AWS WAF) in a dedicated application load balancer. Industry-standard system hardening procedures include Network layer 7, 4 and 3 level security. In addition, AWS GuardDuty provides intelligent threat protection and continuous monitoring against malicious activity and intruders.

Deep Security

Monitoring & Auditing

User logins and operations are automatically logged for monitoring and auditing purposes. Administrators can see and download all users' activity logs, while each individual user has access to their own activity logs.

Monitoring & Auditing

Third-Party Penetration Testing

We perform external penetration tests via CREST-certified third parties at least once a year. Moreover, we do pre and post production internal penetration tests on a regular basis.

Third-Party Penetration Testing

Backups

All virtual instances are backed up weekly to ensure your data is safe. Backups are automatically encrypted using industry standards and held for up to four weeks by Apromore’s storage systems. Seek more backups? No problem. Customized backups can be enabled at any time.

Backups

Data Deletion

If you wish to delete your data, you can do so at any time via Apromore’s Portal. In-line with our retention policy, regular backups are automatically deleted as an added protection.

Data Deletion

Update Cycles

Patches and hotfixes are applied immediately via a continuous delivery pipeline. You will be informed of new versions, and authorize us to upgrade your instance on an agreed-upon timeframe. We use DNS remapping and backup validation to allow safe rollback. We take extra care to protect your information and minimize impact on business operations during upgrades.

Update Cycles
Contact us

Do you have a question?
Ask us.

Book a demo

Our interactive demo shows how Apromore can work for you.

Free trial

Sign up for a free 30-day trial.
No strings attached.