Security at Apica
ISO27001 and SOC2
In a world in constant motion where threat actors are everywhere it is important to always improve the security in all parts of your organization. We believe that is done by leveraging industry best practices and adopting the latest technology. We are proud to be both ISO27001 and SOC2 certified and thus your data is safe and secure with us.
Apica’s SOC2 report is available to customers and potential customers upon request and will require a signed NDA to receive. Please contact support for access.
How Do We Protect Your Data
- Ongoing ISO27001 compliance and audits
- Ongoing SOC 2 compliance and audits
- Third party penetration tests
- Continuous vulnerability scans
- Protection of all company assets such as servers, laptops and mobile phones with enforcement of full hard drive encryptions, anti-malware software, hardening of OS, automatic OS updates, enrollment of endpoints in mobile device management software
- Security awareness training
- Information Security Policies and Procedures
- Encryption of data both at rest and in transit
- 24/7 365 days a year server uptime monitoring
- 24/7 365 days a year on-call staff
Staff Background Checks
All new staff including employees and consultants must undergo criminal background check and when deemed necessary education check, job history reference check and credit background check before any system access is given.
Confidentiality, Security and Policy and Procedures awareness
All staff including employees and consultants must sign confidentiality and non-disclosure agreements, complete security and policy and procedures awareness training to ensure they understand the importance of Information Security at Apica.
Risk Management Process
Information Security is based on knowing your risks and how to mitigate those. Apica has a Risk Management Policy and Procedure in place and risk analysis is performed in the whole organization when changes are discussed and planned. Risk registry is kept up to date and risk management is promoted as a natural part of our business.
Business Continuity Plan (BCP) & Disaster Recovery Plan (DRP)
In case of an emergency there should be a plan to follow. Apica has a Business Continuity Plan in place with several scenarios and their Disaster Recovery Plans. This BCP and DRP are tested continuously in table-top exercises to ensure that all plans are kept up to date.
Apica utilizes multiple cloud and colocation vendors to host its global server and systems infrastructure. Infrastructure as code is the standard for all infrastructure brought up. Autoscaling is utilized everywhere where possible to ensure the best performance for all our customers.
Backup of data
Our customers data is one the most important assets we have at Apica and thus we ensure all systems are backed up and copies are distributed to different locations.
Apica has a Change Management Policy in place that ensures that any changes to production are logged and that there is a roll-back plan for each change.
You are only as strong as your weakest link and thus it is important to have a vendor management and procurement process in place. Apica has Vendor Management Policies and Procedures in place to ensure that all vendors live up to our security standards. All new vendors are vetted in our procurement process and each vendor is assigned a confidentiality, integrity and availability score depending on what data they will handle and have access to. All vendors are continuously reviewed to ensure they adhere to our security standards.
Secure Software Development
Secure Software Development Lifecycle
Apica has a Secure Software Development Policy in place to ensure that our developers understand how to produce code and applications that is safe and secure. We ensure that development environments are always separated from the production environments. All our code is tested, reviewed and automatically scanned for vulnerabilities, and we believe that automation and a modern CI/CD pipeline ensure safe and secure code.