Information Security
As companies and law firms accelerate their transition away from familiar, legacy, on-premise software tools towards modern cloud-based SaaS platforms, one of the key areas of apprehension is, understandably, security.
Our Information Security Management System and Certifications
As an Apperio customer, you will benefit from our information security posture, which is to employ and adopt best-of-breed industry security standards and practices. To prove this, we have gone out of our way to be audited to three distinct standards.
ISO/IEC 27001
Certificate Number 23430
We are committed to keeping our customers’ data safe and secure. We have implemented a robust Information Security Management System to the ISO27001 standard, a globally recognised certification, and it has been independently audited by Alcumus. This certificate can be found at our trust report here.
Cyber Essentials Plus
Our information security also complies with the UK Government’s Cyber Security Essentials Plus, which is audited and penetration tested by external experts. This is mandatory for UK government vendors. This certificate can be found at our trust report here.
SOC 2 Type 2
We’re pleased to announce that we achieved AICPA SOC 2 Type 2 attestation for Service Organisations in March 2021. It is a rigorous evaluation, over an extended period of time, of the operational effectiveness of systems designed for managing customer data, based on the “trust service principles” of security, availability and confidentiality. It is independently audited on an annual basis. This certificate can be requested upon the signing of a non-disclosure agreement.
Our Suppliers
Paraphrasing John Donne, no company is an island: we partner with suppliers such as Amazon Web Services (AWS), which has a similar strategy towards information security and keeping our data safe. They have an extensive collection of information security certifications and attestations.
Our other suppliers also operate similar information security controls and many hold the same or equivalent certifications.
Our Policies
We have a comprehensive set of policies covering data protection, identity and access management, application, application development, system, availability, operations, human resources, security training and supply chain security.
These have been endorsed by three independent auditors to SOC2 Type 2, ISO27001 and Cyber Essentials Plus standards.