The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.
Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products. For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com
Aptitude Software creates and implements security policies based on industry best practices as well as international standards and regularly conducts internal audits, external attestations and third-party assessments for its products.
Aptitude Software engages AICPA accredited auditing firms to perform independent audits and to assess the effectiveness of controls in place for its cloud-based services. Below is a listing of current services covered by these attestations:
(1.) Aptitude RevStream (AREV): Currently covered by a SOC1 Type II report issued every 6 months, with an audit period of 12 months.
Existing clients can access the SOC1 report for the previous 5 cycles at this link.
(2.) Aptitude Lease Accounting Engine (ALAE): A SOC1 Type II report will be issued in 2019.
The report (July 2019) can be requested for existing ALAE clients by contacting us at information-security@aptitudesoftware.com
(3.) A SOC2 report covering Security and Availability will be issued for Aptitude Cloud Services in 2019.
The report can be requested for existing clients by contacting us at information-security@aptitudesoftware.com
Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com
Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.
Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com