Security is always at the core of our development. We strive to meet the highest standards while giving you the flexibility to choose between several options, to meet your corporate security requirements. Our key security features are listed below. If you require more information, please reach out.
Compliance with Industry Standards
We are continuously monitoring our compliance with industry standards. We are ISO 27001 certified and our security controls are compliant with SOC 2 Type 1 and Type 2 standards.
Hosting
We use Amazon Web Services (AWS). Your individual virtual instance is hosted in an AWS data center close to you (Ohio for AMER customers, Australia for APAC customers and Ireland for EMEA customers) under a Virtual Private Cloud.
Data Encryption
All your data is encrypted in transit (HTTPS TLS 1.2 or above) and at rest (AES-256). Decryption of your data will never occur other than as a part of the automated on-the-fly decryption to provide access to Apromore to authorized users, or for troubleshooting purposes with your written consent.
Authentication & Access Control
We provide password-protected access with two-factor authentication and integration with your identity management system (Single Sign-On via SAML, OpenID Connect or LDAP). To reduce the risk of unauthorized access, we can also restrict access to a range of whitelisted IP addresses.
Deep Security
Access to Apromore is additionally secured by enforcing Web application firewall rules (AWS WAF) in a dedicated application load balancer. Industry-standard system hardening procedures include Network layer 7, 4 and 3 level security. In addition, AWS GuardDuty provides intelligent threat protection and continuous monitoring against malicious activity and intruders.
Monitoring & Auditing
User logins and operations are automatically logged for monitoring and auditing purposes. Administrators can see and download all users' activity logs, while each individual user has access to their own activity logs.
Third-Party Penetration Testing
We perform external penetration tests via CREST-certified third parties at least once a year. Moreover, we do pre and post production internal penetration tests on a regular basis.
Backups
All virtual instances are backed up weekly to ensure your data is safe. Backups are automatically encrypted using industry standards and held for up to four weeks by Apromore’s storage systems. Seek more backups? No problem. Customized backups can be enabled at any time.
Data Deletion
If you wish to delete your data, you can do so at any time via Apromore’s Portal. In-line with our retention policy, regular backups are automatically deleted as an added protection.
Update Cycles
Patches and hotfixes are applied immediately via a continuous delivery pipeline. You will be informed of new versions, and authorize us to upgrade your instance on an agreed-upon timeframe. We use DNS remapping and backup validation to allow safe rollback. We take extra care to protect your information and minimize impact on business operations during upgrades.