Platform Security & Compliance Standards

Our team is focused on ensuring that Appspace is the secure, fast, compliant, and reliable platform you expect.

Industry compliance

Recognized practices for infrastructure, controls, and tech.

Regular tests & audits

Continuous cycle of testing and improvement management.

Dedicated ops team

Experts focused on performance, operations, and security.

Built to scale

Infrastructure & controls designed to grow well beyond your needs.

Optimized data storage & encryption

The Appspace platform is designed and optimized to run on separate regional hardware on which the data is stored. Hardware failures are recovered automatically and data stored on redundant storage is backed up at least every four hours. All data is encrypted when in transit & at rest.

Industry-leading SOC compliance

Appspace is SOC Type II certified. For more information, please see our full SOC 3 report for further details on this process and Appspace’s security compliance. 

View Report >>

Secure facilities access

Access to data centers is highly restricted and limited to authorized personnel only. Facilities include:

Restricted account access

Appspace support teams access hosted accounts and data for maintenance and troubleshooting is tightly managed.

Peace of mind from industry compliance

As you would expect, we follow widely accepted standards and regulations for testing our operations, environment & controls.

Comprehensive software security testing

Our security team perform regular automated and manual software and network vulnerability testing.

We are all about being better

Continuous development is a key part of any information security management process. Appspace solicits feedback from several internal teams, customers, as well as internal and external auditors to improve our security, privacy and compliance processes and controls over time.

We expect big things from our partners

We hold our service providers to very high standards. Data centers, co-location, and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices.

Frequent audits

Troubleshooting teams

Regular security tests

Industry compliance

FAQ

We get asked a lot of questions, we've gathered them together to make it easier for you to find the answers you need. This page is regularly updated, so be sure to check back for new answers.

ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.

We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.

For Appspace cloud users, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.

All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.

Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.

Passwords are stored in a one-way hash within the Appspace platform.

We have an extensive security process that includes ongoing testing of our hosted systems.  We also undertake third party independent assessments of our platform.

We are working on determining the best way to share reports and be open about our internal testing results in a way that is secure and makes sense for our customers and us.

In line with our End User Agreement, we currently do not allow customer-initiated testing for our hosted service. We are committed to being open and share security information on this page.

We are committed to being open and transparent and sharing as much information as we can to enable you to make your decision to use our platform. Unfortunately we are not able to answer each individual questionnaire.

We aim to ensure Appspace users don't experience an outage or a security incident. However, an Incident Response Plan outlines the roles and responsibilities for Appspace and its users during such an event. Each plan is tailored to a specific incident type and is issued to account owners should a security incident should occur.