Aptitude Software Security Trust Center

Product Security

Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products.  For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com

Compliance

External Audits and Attestations

Aptitude Software engages an AICPA accredited auditing firm to perform independent audits and to assess the effectiveness of controls in place for its cloud-based services.

Below is a listing of current services covered by these attestations:

(1.) Aptitude RevStream (AREV):  Currently covered by a SOC1 Type II report issued every 6 months, with an audit period of 12 months.

Existing clients (service users) can request this SOC report  by contacting us at information-security@aptitudesoftware.com

(2.) Aptitude Lease Accounting Engine (ALAE):  Currently covered by a SOC1 Type II report issued every 6 months, with an audit period of 12 months

Existing ALAE clients (service users) can request this SOC report by contacting us at information-security@aptitudesoftware.com

Our SOC1 reports are released twice a year January  (for periods ending in November) and July (for periods ending in May)

(3.) Security and Availability for Aptitude Cloud Services: Currently covered by a SOC2 report Type II report with an audit period of 12 months.

The report can be requested by current and prospective cloud services clients by contacting us at information-security@aptitudesoftware.com

Our SOC2 report is released once a year in July (for periods ending in May)

Privacy

Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com

Incident Response

Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.

Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com

Security Documentation

Acceptable Use Policy – This policy applies to the client’s use of Aptitude Software Cloud Services

Current Security Topics

Conflict in Ukraine

Release Date: March 10, 2022 |Revision Date: March 10, 2022

Aptitude Software is closely monitoring the current military conflict in Ukraine and Russia. While we do not have any infrastructure or employees in either Ukraine or Russia, our organization has taken steps to establish the required cyber resilience in the event of a spill-over of cyber-attacks, destructive malware, misinformation and other threats outside of the conflict zone per guidance provided by CISA (www.cisa.gov/uscert) and other governmental agencies.  We have enhanced our cyber vigilance against these threats, updated our already robust business continuity plans to reflect current threat scenarios, and reinforced the same with our employees and other stakeholders. These measures will ensure the continued protection of our employees, offices, clients and information assets, and to mitigate any threats in a timely manner. We will provide additional notification directly to our client contacts in the event of any specific risks or impact to our services adhering to our contractual commitments and incident response policies.

Clients, partners and vendor service organizations can contact us at information-security@aptitudesoftware.com  or support@aptitudesoftware.com in the event of any additional questions.