Aptitude Software Security Trust Center

The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.

Product Security

Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products.  For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com

 

Security Compliance Program (as of November 2022)

The Aptitude Software Compliance program helps communicate our information security posture and controls in place to maintain security and compliance for our services.  IT standards we comply with include Certifications, Attestations, Laws/Regulations and Framework Alignments.

Certifications and Attestations are assessed by third-party, independent auditors and result in a certification, an audit report, or an attestation of compliance. Aptitude Software services clients remain responsible for complying with applicable laws, regulations, and privacy programs. Existing clients (and service users) can obtain compliance reports by contacting us at information-security@aptitutudesoftware.com.

Privacy

Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com

Incident Response

Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.

Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com

Security Documentation

Acceptable Use Policy – This policy applies to the client’s use of Aptitude Software Cloud Services

Current Security Topics

Conflict in Ukraine

Release Date: March 10th, 2022 |Revision Date: September 7th, 2022

Aptitude Software is closely monitoring the current military conflict in Ukraine and Russia. We do not have any infrastructure or employees in either Ukraine or Belarus nor are we reliant on any third-party service organization or vendor service provided out of these countries. Additionally, our organization has taken steps to establish the required cyber resilience in the event of a spill-over of cyber-attacks, destructive malware, misinformation and other threats outside of the conflict zone per guidance provided by CISA (www.cisa.gov/uscert) and other governmental agencies.  We have enhanced our cyber vigilance against these threats, updated our already robust business continuity plans to reflect current threat scenarios, and reinforced the same with our employees and other stakeholders. These measures will ensure the continued protection of our employees, offices, clients and information assets, and to mitigate any threats in a timely manner. We will provide additional notification directly to our client contacts in the event of any specific risks or impact to our services adhering to our contractual commitments and incident response policies.

 

Possible United Kingdom (UK) National Grid Power Blackouts in Q4 2022 and Q1 2023

Release Date: November 2023

Per recent media reports, the U.K National Grid is exploring planned blackouts in a ‘worst case scenario’  over the next 3-4 months in the UK. Aptitude Software has a formal Business Continuity Management program in place and has documented Incident Response Plans (IRPs) to cover such situations . These plans include Aptitude Software Office facilities based in the United Kingdom. Additionally, Aptitude Software has also reviewed plans for its Cloud Infrastructure Service Providers and Data Center Service Providers based in the UK and has incorporated any additional actions into its IRPs related to these service providers.  As such, Aptitude Software would like to assure our clients that while such blackouts are unlikely, we are prepared for the same.

 

Clients, partners and vendor service organizations can contact us at information-security@aptitudesoftware.com  or support@aptitudesoftware.com in the event of any additional questions.

 

 

Latest Resources