Contact us
contact us

Aptitude Software Security Trust Center

The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.

Product Security

Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products.  For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com

 

Security Compliance Program (as of February 2024)

The Aptitude Software Compliance program helps communicate our information security posture and controls in place to maintain security and compliance for our services.  IT standards we comply with include Certifications, Attestations, Laws/Regulations and Framework Alignments.

Certifications and Attestations are assessed by third-party, independent auditors and result in a certification, an audit report, or an attestation of compliance. Aptitude Software services clients remain responsible for complying with applicable laws, regulations, and privacy programs. Existing clients (and service users) can obtain compliance reports by contacting us at information-security@aptitutudesoftware.com.

Privacy

Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com

Incident Response

Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.

Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com

Security Documentation

Acceptable Use Policy – This policy applies to the client’s use of Aptitude Software Cloud Services

Current Security Topics

Conflict in Ukraine

Release Date: March 10th, 2022 |Revision Date: September 7th, 2022

Aptitude Software is closely monitoring the current military conflict in Ukraine and Russia. We do not have any infrastructure or employees in either Ukraine or Belarus nor are we reliant on any third-party service organization or vendor service provided out of these countries. Additionally, our organization has taken steps to establish the required cyber resilience in the event of a spill-over of cyber-attacks, destructive malware, misinformation and other threats outside of the conflict zone per guidance provided by CISA (www.cisa.gov/uscert) and other governmental agencies.  We have enhanced our cyber vigilance against these threats, updated our already robust business continuity plans to reflect current threat scenarios, and reinforced the same with our employees and other stakeholders. These measures will ensure the continued protection of our employees, offices, clients and information assets, and to mitigate any threats in a timely manner. We will provide additional notification directly to our client contacts in the event of any specific risks or impact to our services adhering to our contractual commitments and incident response policies.

Clients, partners and vendor service organizations can contact us at information-security@aptitudesoftware.com  or support@aptitudesoftware.com in the event of any additional questions.

Aptitude Software achieves renewal of ISO 27001 certification, demonstrating our commitment to IT security.

By: Mike Johns, CFO

February 9,2024

 

Aptitude Software customers entrust us to ensure that we provide a high degree of assurance regarding the security of our products and services. Our client information security assurance program includes our SOC program for our SaaS products as well as our ISO/IEC 27001:2013 (ISO 27001) certification and our PCI certification and GDPR program for products handling card data and personal data.

I am now excited to announce that Aptitude Software has successfully achieved renewal of our ISO 27001 certification on February 2, 2024 which includes the addition of our Fynapse product. The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) within the context of the organization’s overall business risks. Published by the International Organization for Standardization (ISO), ISO 27001 is a globally recognized standard for the establishment and certification of an ISMS. During the course of this certification, Aptitude Software has demonstrated a formalized approach to managing information security risks that affect the confidentiality, integrity, and availability of our client’s data.

The certificate was issued on February 2, 2024, by Schellman Compliance, LLC, an ANAB and UKAS accredited Certification Body based in the United States. The scope of the ISO 27001 certificate includes the ISMS supporting the development, delivery, and management of the following products and services:

  • Aptitude RevStream (AREV);
  • Aptitude Lease Accounting Engine (ALAE);
  • Aptitude Accounting Hub (AAH) System including associated components of AAH,
  • Aptitude Insurance Calculation Engine (AICE) and Aptitude Calculate (AC);
  • Aptitude Revenue Recognition Engine (ARRE);
  • Aptitude Platform
  • Aptitude eSuite; and
  • Fynapse

The certificate can be independently verified, viewed and downloaded at ISO Certificate Directory | Schellman. Please feel free to contact our Information Security Team at information-security@aptitudesoftware.com for further details.

Latest Resources