Aptitude Software Security Trust Center

The security of our products and services is a critical focus area for our organization. We utilize formal information security management practices based on globally accepted frameworks, regularly assess risks and periodically review our policies, procedures, and practices.

Product Security

Aptitude Software utilizes secure by design principles in the development of its products and services including secure coding practices, periodic internal and external vulnerability scanning and penetration testing of our products.  For further questions regarding our product security practices, please contact us at information-security@aptitudesoftware.com


Aptitude Software creates and implements security policies based on industry best practices as well as international standards and regularly conducts internal audits, external attestations and third-party assessments for its products.

External Audits and Attestations

Aptitude Software engages an AICPA accredited auditing firm to perform independent audits and to assess the effectiveness of controls in place for its cloud-based services.

Below is a listing of current services covered by these attestations:

(1.) Aptitude RevStream (AREV):  Currently covered by a SOC1 Type II report issued every 6 months, with an audit period of 12 months.

Existing clients (service users) can request this SOC report  by contacting us at information-security@aptitudesoftware.com

(2.) Aptitude Lease Accounting Engine (ALAE):  Currently covered by a SOC1 Type II report issued every 6 months, with an audit period of 12 months*

Existing ALAE clients (service users) can request this SOC report by contacting us at information-security@aptitudesoftware.com

*2019 is the first year of operation for the ALAE service so the period covered will be less than 12 months

Our SOC1 reports are released twice a year January  (for periods ending in November) and July (for periods ending in May)

(3.) Security and Availability for Aptitude Cloud Services: Currently covered by a SOC2 report Type II report with an audit period of 12 months.

The report can be requested by current and prospective cloud services clients by contacting us at information-security@aptitudesoftware.com

Our SOC2 report is released once a year in July (for periods ending in May)


Aptitude Software is compliant with domestic and international standards and privacy laws. We utilize privacy by design principles in the design of our products and services. The Aptitude Software Data Protection Office (DPO) is responsible for privacy management at Aptitude Software. Our privacy statement is available at this link. For further questions please contact us at dataprotection-office@aptitudesoftware.com

Incident Response

Aptitude Software utilizes formal incident response polices and procedures in the event of a security incident. Our process includes steps for incident identification, prioritization, threat monitoring, triage and incident resolution.

Existing clients can report security incidents to Aptitude Software at information-security@aptitudesoftware.com

Latest Resources