Improve Operational Resilience by 

Turning a New Regulatory Standard into an Opportunity

Read More


Security and Trust

Your data security is our priority.


Security is always at the core of our development. We strive to meet the highest standards while giving you the flexibility to choose between several options, to meet your corporate security requirements. Our key security features are listed below. If you require more information, please reach out.

Compliance with Industry Standards

We are continuously monitoring our compliance with industry standards. We are ISO 27001 certified and our security controls are compliant with SOC 2 Type 1 and Type 2 standards.


We use Amazon Web Services (AWS). Your individual virtual instance is hosted in an AWS data center close to you (Ohio for AMER customers, Australia for APAC customers and Ireland for EMEA customers) under a Virtual Private Cloud.

Data Encryption

All your data is encrypted in transit (HTTPS TLS 1.2 or above) and at rest (AES-256). Decryption of your data will never occur other than as a part of the automated on-the-fly decryption to provide access to Apromore to authorized users, or for troubleshooting purposes with your written consent.

Authentication & Access Control

We provide password-protected access with two-factor authentication and integration with your identity management system (Single Sign-On via SAML, OpenID Connect or LDAP). To reduce the risk of unauthorized access, we can also restrict access to a range of whitelisted IP addresses.

Deep Security

Access to Apromore is additionally secured by enforcing Web application firewall rules (AWS WAF) in a dedicated application load balancer. Industry-standard system hardening procedures include Network layer 7, 4 and 3 level security. In addition, AWS GuardDuty provides intelligent threat protection and continuous monitoring against malicious activity and intruders.

Monitoring & Auditing

User logins and operations are automatically logged for monitoring and auditing purposes. Administrators can see and download all users' activity logs, while each individual user has access to their own activity logs.

Third-Party Penetration Testing

We perform external penetration tests via CREST-certified third parties at least once a year. Moreover, we do pre and post production internal penetration tests on a regular basis.


All virtual instances are backed up weekly to ensure your data is safe. Backups are automatically encrypted using industry standards and held for up to four weeks by Apromore’s storage systems. Seek more backups? No problem. Customized backups can be enabled at any time.

Data Deletion

If you wish to delete your data, you can do so at any time via Apromore’s Portal. In-line with our retention policy, regular backups are automatically deleted as an added protection.

Update Cycles

Patches and hotfixes are applied immediately via a continuous delivery pipeline. You will be informed of new versions, and authorize us to upgrade your instance on an agreed-upon timeframe. We use DNS remapping and backup validation to allow safe rollback. We take extra care to protect your information and minimize impact on business operations during upgrades.

Vector image of a man and woman communicating

Do you have a question?
Ask us.

Contact us
Vector image of a man sitting at a desk with computer

Our interactive demo shows how
Apromore can work for you.

Request a demo
Vector image of a woman sitting at a desk with computer

Sign up for a free 30-day trial.
No strings attached.

Start free trial

Subscribe to our newsletter

By subscribing, I agree with Apromore Pty Ltd's Privacy Policy and Terms & Conditions.