Take our new assessment that helps you assess, benchmark and accelerate your journey towards Autonomous Finance. In just a few minutes.
The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.
Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products. For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com
Aptitude Software utilizes a responsible vulnerability management program and has a formal approach for vulnerability management (compliant with ISO27001) for our applications and infrastructure. In the rare event that clients, partners and/or other third parties with access to Aptitude Software applications identify vulnerabilities with our applications and services, we work closely and urgently with them to resolve such issues. Issues and problems can be reported at information-security@aptitudesoftware.com or to support@aptitudesoftware.com . In general, we urge third parties to exercise prudence in the event any potential vulnerabilities are identified and refrain from public disclosure or exploitation of the vulnerabilities. Aptitude Software acknowledges responsibility for resolution of valid identified vulnerabilities in a timely manner based on risk level per our policy.
The Aptitude Software Security Compliance Program helps communicate our information security posture and compliance of Aptitude Software systems and services.
Information Technology and Security Standards we comply with can be grouped as Attestations, Certifications, Frameworks and Privacy Regulations. Certifications and
Attestations are assessed by third-party, independent auditors and result in a certification, an audit report, or an attestation of compliance. Aptitude Software services clients
remain responsible for complying with applicable laws, regulations, and privacy programs. Existing clients (and service users) can obtain compliance reports by contacting us at information-security@aptitutudesoftware.com.
Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com
Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.
Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com
Acceptable Use Policy – This policy applies to the client’s use of Aptitude Software Cloud Services
Conflict in Ukraine
Release Date: March 10th, 2022 |Revision Date: September 7th, 2022
Aptitude Software is closely monitoring the current military conflict in Ukraine and Russia. We do not have any infrastructure or employees in either Ukraine or Belarus nor are we reliant on any third-party service organization or vendor service provided out of these countries. Additionally, our organization has taken steps to establish the required cyber resilience in the event of a spill-over of cyber-attacks, destructive malware, misinformation and other threats outside of the conflict zone per guidance provided by CISA (www.cisa.gov/uscert) and other governmental agencies. We have enhanced our cyber vigilance against these threats, updated our already robust business continuity plans to reflect current threat scenarios, and reinforced the same with our employees and other stakeholders. These measures will ensure the continued protection of our employees, offices, clients and information assets, and to mitigate any threats in a timely manner. We will provide additional notification directly to our client contacts in the event of any specific risks or impact to our services adhering to our contractual commitments and incident response policies.
Clients, partners and vendor service organizations can contact us at information-security@aptitudesoftware.com or support@aptitudesoftware.com in the event of any additional questions.
On Friday, July 19, 2024, morning, reports surfaced globally of Microsoft Windows operating system users encountering the Blue Screen of Death (BSOD) following the latest update from CrowdStrike. This widespread issue has severely impacted critical services, including telecommunications, banking, airline and railway operations, supermarkets, hospitals, and major news networks.
For those clients concerned about the impact of this outage on Aptitude Software, we do NOT leverage any services directly from CrowdStrike and do not expect any direct impact due to the issue.
Our client facing services are currently up and running as usual. While certain Microsoft Azure (MS Azure) hosted client services did experience Microsoft service outages possibly linked to the CrowdStrike issue earlier during the day, we have no outages or impact at the present time. Our Cyber Security Operations teams are continually monitoring cloud service providers (including MS Azure) utilized for the delivery of our cloud services.
By: Mike Johns, CFO
February 9,2024
Aptitude Software customers entrust us to ensure that we provide a high degree of assurance regarding the security of our products and services. Our client information security assurance program includes our SOC program for our SaaS products as well as our ISO/IEC 27001:2013 (ISO 27001) certification and our PCI certification and GDPR program for products handling card data and personal data.
I am now excited to announce that Aptitude Software has successfully achieved renewal of our ISO 27001 certification on February 2, 2024 which includes the addition of our Fynapse product. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) within the context of the organization’s overall business risks. Published by the International Organization for Standardization (ISO), ISO 27001 is a globally recognized standard for the establishment and certification of an ISMS. During the course of this certification, Aptitude Software has demonstrated a formalized approach to managing information security risks that affect the confidentiality, integrity, and availability of our client’s data.
The certificate was issued on February 2, 2024, by Schellman Compliance, LLC, an ANAB and UKAS accredited Certification Body based in the United States. The scope of the ISO 27001 certificate includes the ISMS supporting the development, delivery, and management of the following products and services:
The certificate can be independently verified, viewed and downloaded at ISO Certificate Directory | Schellman. Please feel free to contact our Information Security Team at information-security@aptitudesoftware.com for further details.
