The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.
Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products. For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com
The Aptitude Software Compliance program helps communicate our information security posture and controls in place to maintain security and compliance for our services. IT standards we comply with include Certifications, Attestations, Laws/Regulations and Framework Alignments.
Certifications and Attestations are assessed by third-party, independent auditors and result in a certification, an audit report, or an attestation of compliance. Aptitude Software services clients remain responsible for complying with applicable laws, regulations, and privacy programs. Existing clients (and service users) can obtain compliance reports by contacting us at information-security@aptitutudesoftware.com.
Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com
Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.
Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com
Acceptable Use Policy – This policy applies to the client’s use of Aptitude Software Cloud Services
Conflict in Ukraine
Release Date: March 10th, 2022 |Revision Date: September 7th, 2022
Aptitude Software is closely monitoring the current military conflict in Ukraine and Russia. We do not have any infrastructure or employees in either Ukraine or Belarus nor are we reliant on any third-party service organization or vendor service provided out of these countries. Additionally, our organization has taken steps to establish the required cyber resilience in the event of a spill-over of cyber-attacks, destructive malware, misinformation and other threats outside of the conflict zone per guidance provided by CISA (www.cisa.gov/uscert) and other governmental agencies. We have enhanced our cyber vigilance against these threats, updated our already robust business continuity plans to reflect current threat scenarios, and reinforced the same with our employees and other stakeholders. These measures will ensure the continued protection of our employees, offices, clients and information assets, and to mitigate any threats in a timely manner. We will provide additional notification directly to our client contacts in the event of any specific risks or impact to our services adhering to our contractual commitments and incident response policies.
Clients, partners and vendor service organizations can contact us at information-security@aptitudesoftware.com or support@aptitudesoftware.com in the event of any additional questions.
By: Jeremy Suddards, CEO
February 24,2023
Our Aptitude Software customers entrust us to ensure that we provide a high degree of assurance regarding the security of our products and services. Aptitude Software has always maintained a strong client assurance program across products including our SOC program for our SaaS products as well as our PCI certification and GDPR program for products handling personal data.
I am now excited to announce a significant new recognition of our security posture across products. Aptitude Software has successfully achieved ISO/IEC 27001:2013 certification. ISO 27001:2013 is a rigorous third-party independent assessment of the international standard for Information Technology Security. Published by the International Organization for Standardization (ISO), ISO 27001 is a widely-adopted global security standard that sets requirements and best practices for information security. During the course of this certification, Aptitude Software has demonstrated a formal and well-designed approach to managing information security risks that affect the confidentiality, integrity, and availability of client data. This certification reinforces Aptitude Software’s commitment to providing transparency into our security controls and practices and assures clients that we follow industry-leading security best practices in our product offerings.
Schellman, an independent third-party auditor, issued the certificate on February 2, 2022. The scope of the ISO 27001:2013 certificate includes the information security management system (ISMS) supporting the development, delivery, and management of the following products and services:
The certificate can be independently verified, viewed and downloaded at ISO Certificate Directory | Schellman. Please feel free to contact our Information Security Team at information-security@aptitudesoftware.com for further details.
