Platform security you can count on

Our team is focused on keeping Appspace as the secure, fast, compliant, and reliable platform your organization can trust.

SOC-3 Type-II

ISO 27001

ISO 27017

Cloud Security Alliance

Microsoft 365 Certified App

We take security very seriously

Our team takes considerable measures to maintain the trust of our customers, including (but not limited to):

Regional Data Storage

Appspace is designed to work on regional storage, keeping customer data close to (their) home.

Redundant Storage

Customer data is backed up at least every four hours in the event that something needs to be recovered.

Automatic Failover

In the event of failure, standby services can step in with minimal interruption to the customer.

Disaster Recovery Plan

Our plans are regularly tested and improved to ensure the lowest impact to customers.

Company-Wide Training

We conduct regular third-party training for all employees on security threat awareness.

HSTS Preloaded

Inclusion in Google's strict program for sites that are hardcoded as being HTTPS only.

Data Encryption

All customer data is encrypted with TLS 1.2+ when in transit and AES256 when at rest.

Biometric Security

Physical access to data centers housing Appspace services and data require multi-level verification.

Physical Security

Data centers housing Appspace services and data are monitored 24/7/365 by security personnel.

CCTV Monitoring

Data centers housing Appspace services and data are monitored 24/7/365 by CCTV surveillance.

Earthquake-Proof Facilities

Data centers housing Appspace services and data are protected from severe natural disasters.

Background Checks

All employees go through background checks to mitigiate potential risks.

Authorized Only

All support team access is restricted for maintenance and troubleshooting purposes.

Privileged Access

Top-level administrators require an additional set of authentication using a one-time password.

Multi-Level Tokens

We implement session, access, and refresh tokens in multiple areas of the Appspace platform.

Continuous Access Logging

All support team activity is logged and recorded to mitigate potential risks.

Software Security Testing

We run regular internal & third-party penetration testing of Appspace services for known vulnerabilities.

Network Testing

We run regular internal & third-party penetration testing of Appspace infrastructure for known vulnerabilities.

External Audits & Tools

Continuous cycle of testing and improvement using dedicated tools and independent auditors.

Dedicated CloudOps Team

Experts focused on continuous performance, operations, and security improvements.

Built to Scale

Infrastructure and operational controls designed to transparently grow well beyond your needs.

We expect big things from our partners

We hold our service providers to very high standards. Data centers, co-location, and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices.

Frequent audits

Troubleshooting teams

Regular security tests

Industry compliance

APRIL 2024

Security Whitepaper

Check out our 2024 Security Whitepaper

FAQs

We get asked a lot of questions, so we've pulled them together to make it easier for you to find the answers you need. This page is updated regularly, so be sure to check back for updates.

Does Appspace adhere to Information security standards?

ISO27001 - The Appspace Security Team has modeled our internal security policies on the ISO27001 Certification. Certain aspects of the certification do not apply to our customer’s needs, but we are working on expanding the scope of the certification of our product and cloud services portfolio.

Will Appspace share information on its internal controls?

We have put a lot of work into implementing controls that help us meet our customer’s needs and can adjust quickly to the realities and challenges of delivering a SaaS platform. We include the controls found in external regulatory requirements and industry standards.

Who has access to user data?

For Appspace cloud users, we've outlined our approach in our Cloud Security Statement and our Privacy Policy.

Is user data encrypted?

Appspace uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and higher to support 256bit and higher encryption, further supporting data protection.

How are backups managed?

All database and content backups for the Appspace platform occur at least every four hours, and backups are retained for no less than three months. All backup data is encrypted.

Is TLS always used?

Yes, Appspace cloud-based systems only use TLS, for communication. In addition, and in line with Industry standards, we have removed support for SSL 3.

How are user passwords stored?

Passwords are stored in a one-way hash within the Appspace platform.

Does Appspace audit its cloud security?

We have an extensive security process that includes ongoing testing of our hosted systems. We also undertake third party independent assessments of our platform.

Can we see the testing reports?

We are working on determining the best way to share reports and be open about our internal testing results in a way that is secure and makes sense for our customers and us.

Can we undertake our own security testing?

In line with our End User Agreement, we currently do not allow customer-initiated testing for our hosted service. We are committed to being open and share security information on this page.

Can you complete my Security Questionnaire?

We are committed to being open and transparent and sharing as much information as we can to enable you to make your decision to use our platform. Unfortunately we are not able to answer each individual questionnaire.

What happens during a security incident?

We aim to ensure Appspace users don't experience an outage or a security incident. However, an Incident Response Plan outlines the roles and responsibilities for Appspace and its users during such an event. Each plan is tailored to a specific incident type and is issued to account owners should a security incident should occur.