Platform Security & Compliance Standards | Data Encryption & Storage

We go beyond the security and compliance standards you’d expect

Our team is focused on keeping Appspace as the secure, fast, compliant, and reliable platform your organization can trust.

SOC-2 Type-II

Cloud Security Alliance

We take security very seriously

Our team take considerable measures to maintain the trust of our customers, including (but not limited to):

Regional Data Storage

Appspace is designed to work on regional storage, keeping customer data close to (their) home.

Redundant Storage

Customer data is backed up at least every fours in the event it something needs to be recovered.

Automatic Failover

In the event of failure, standby services can step in with minimal interruption to the customer.

Disaster Recovery Plan

Our plans are regularly tested and improved to ensure the lowest impact to customers.

Company-Wide Training

We conduct regular third-party training for all employees on security threat awareness.

HSTS Preloaded

Inclusion in Google's strict program for sites that are hardcoded as being HTTPS only.

Data Encryption

All customer data is encrypted with TLS 1.2+ when in transit and AES256 when at rest.

Biometric Security

Physical access to data centers housing Appspace services and data require multi-level verification.

Physical Security

Data centers housing Appspace services and data are monitored 24/7/365 by security personnel.

CCTV Monitoring

Data centers housing Appspace services and data are monitored 24/7/365 by CCTV surveillance.

Earthquake-Proof Facilities

Data centers housing Appspace services and data are protected from severe natural disasters.

Background Checks

All employees go through background checks to mitigiate potential risks.

Authorized Only

All support team access is restricted for maintenance and troubleshooting purposes.

Privileged Access

Top-level administrators require an additional set of authentication using a one-time password.

Multi-Level Tokens

We implement session, access, and refresh tokens in multiple areas of the Appspace platform.

Continuous Access Logging

All support team activity is logged and recorded to mitigate potential risks.

Software Security Testing

We run regular internal & third-party penetration testing of Appspace services for known vulnerabilities.

Network Testing

We run regular internal & third-party penetration testing of Appspace infrastructure for known vulnerabilities.

External Audits & Tools

Continuous cycle of testing and improvement using dedicated tools and independent auditors.

Dedicated CloudOps Team

Experts focused on continuous performance, operations, and security improvements.

Built to Scale

Infrastructure and operational controls designed to transparently grow well beyond your needs.

We expect big things from our partners

We hold our service providers to very high standards. Data centers, co-location, and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices.

Frequent audits

Troubleshooting teams

Regular security tests

Industry compliance

FEBRUARY 2022

Security Whitepaper

Check out our 2022 Security Whitepaper

FAQs

We get asked a lot of questions, so we've pulled them together to make it easier for you to find the answers you need. This page is updated regularly, so be sure to check back for updates.

ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.

We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.

For Appspace cloud users, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.

All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.

Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.

Passwords are stored in a one-way hash within the Appspace platform.

We have an extensive security process that includes ongoing testing of our hosted systems.  We also undertake third party independent assessments of our platform.
We are working on determining the best way to share reports and be open about our internal testing results in a way that is secure and makes sense for our customers and us.
In line with our End User Agreement, we currently do not allow customer-initiated testing for our hosted service. We are committed to being open and share security information on this page.
We are committed to being open and transparent and sharing as much information as we can to enable you to make your decision to use our platform. Unfortunately we are not able to answer each individual questionnaire.
We aim to ensure Appspace users don't experience an outage or a security incident. However, an Incident Response Plan outlines the roles and responsibilities for Appspace and its users during such an event. Each plan is tailored to a specific incident type and is issued to account owners should a security incident should occur.

ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.

We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.

For Appspace cloud users, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.

All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.

Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.

Passwords are stored in a one-way hash within the Appspace platform.
We have an extensive security process that includes ongoing testing of our hosted systems.  We also undertake third party independent assessments of our platform.
We are working on determining the best way to share reports and be open about our internal testing results in a way that is secure and makes sense for our customers and us.
In line with our End User Agreement, we currently do not allow customer-initiated testing for our hosted service. We are committed to being open and share security information on this page.
We are committed to being open and transparent and sharing as much information as we can to enable you to make your decision to use our platform. Unfortunately we are not able to answer each individual questionnaire.
We aim to ensure Appspace users don't experience an outage or a security incident. However, an Incident Response Plan outlines the roles and responsibilities for Appspace and its users during such an event. Each plan is tailored to a specific incident type and is issued to account owners should a security incident should occur.