At Appy Pie, we are well aware of the importance of user data security. We know that users show trust when they opt to put their data on the cloud. However, before going ahead, you must make sure that the partners you are trusting have a system in place for the secure treatment of such information. You must also check that your information is being secured as per your local standards and processes. To ensure complete security of user data, we follow the globally respected industry benchmark standard put forth by the International Organization for Standardization in the form of ISO 27001.
The ISO 27001 standards
ISO 27001 is one of the most common standards in the ISO 27000 series, which provides a set of frameworks that help organizations benchmark their user data treatment processes. ISO 27001 provides requirements for an Information Security Management System (ISMS), and a successful audit gives assurance that the organization fulfills those requirements.
The Standard takes a risk-based approach to information security, requiring organizations to identify threats to their organization and select appropriate controls to tackle them.
To comply with the ISO 27000 standards, Appy Pie ensures that the information security policy and human resource policy are documented in detail and are reviewed regularly. For asset management and access control, encryption, physical and environmental security, operations security, communications security and supplier relationships, we have strong policy documentation here. Further, our policy and process for incident management is documented here.
Appy Pie services and processes in scope for these audits
The scope of the ISO 27001:2013 certification is bounded by Appy Pie LLP’s global network infrastructure and corresponding products and services, including the management of development, operations, maintenance, and delivery of Support, Guide, and Chat, which are centrally managed out of the Appy Pie offices in Noida, UP (India), Warrenton, VA (United States of America), and London (UK).
Besides this, we also use an Infrastructure-as-a-Service (IaaS) Data Center provider to protect the infrastructure that runs all of the services offered in the IaaS Cloud. Appy Pie security controls for managing the IaaS environment are included in the scope of this certificate, excluding the physical and environmental controls.
At Appy Pie, all our apps are hosted on the AWS cloud, which has the highest level of compliance, such as HIPAA, PCI and SOC. For details, refer to the following web links:
https://aws.amazon.com/compliance/hipaa-compliance/
https://aws.amazon.com/compliance/pci-dss-level-1-faqs/
https://aws.amazon.com/compliance/soc-faqs/
What does it mean for customers?
We value our users’ privacy. Therefore, we internally conduct these independent audits to ensure that our security management and privacy functions comply with the leading industry standards. These externally validated compliance standards confirm that we are meeting our obligations to you in terms of how we treat your data.
Here is the protection that all our customers using in-scope products receive
All of these certifications are for the services listed above, for which you don’t need to pay anything extra or configure your instance in any way to be protected by them.
Appy Pie’s ISO 27001 certifications vs. our customers’ certifications
The ISO 27001 certifications that we provide cover the security management process for a specified scope of Appy Pie services. In case you are pursuing this certification while operating a part of your service using Appy Pie, it doesn’t mean that you are automatically certified by the association. However, our certifications can make it easier for you to obtain these certifications for yourself.
Obtaining Appy Pie’s ISO certifications
You can download our ISO certificates at any time, for free, and without NDA from here.