You are here
Trustworthy and Safe
Apptio’s world-class security measures are designed to protect and serve our customers
Compliance and Certifications
Apptio’s Information Security team, Legal department and Internal Compliance/Audit department all work together to ensure that industry best security practices are met. Apptio’s Software-as-a-Service (SaaS) environment follows stringent guidelines to protect the confidentiality, integrity, privacy and availability of your data. We also work with independent auditors and penetration testers to validate that Apptio has the appropriate security controls in place to protect customer data entrusted to us.
SOC2 Type II Report and SOC3 Report
System and Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Apptio achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Apptio controls established to support operations and compliance. Apptio cloud services have been successfully audited in accordance with AT 101 and the Trust Services Principles for design and operational security. To learn more about the AICPA and the SOC standards, see the following link: http://www.aicpa.org/soc4so
For a copy of our SOC3 report, click on the link below:
EU-US Privacy Shield
Apptio complies with the EU-U.S. Privacy Shield Framework as set forth and certified to the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
Cloud Security Alliance – STAR Level One Certification
Our Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) response details how Apptio cloud services fulfill the security, privacy, compliance, and risk management requirements defined in the CSA CCM version 3.0.1.
FIPS 140-2 Validation
FIPS 140-2 validation provides product users with a high degree of security, assurance, and dependability. Apptio certifies that the underlying cryptographic modules used with our products, comply with the Federal Information Processing Standard Publication 140-2, a US government standard.
Apptio is one of a select group of SaaS providers who have received FedRamp certification under the Joint Authorization Board (JAB) Authorization to Operate (ATO). Apptio’s FedRAMP environment provides a continental United States (CONUS)-based and dedicated infrastructure (facilities, servers, databases, networking devices) for Federal Government agencies subscribing to our SaaS Technology Business Management (TBM) solutions.
Although Apptio is not currently ISO certified, we are closely aligned with the ISO/IEC 27001:2013 requirements for establishing, implementing, maintaining and continually improving an information security management system. This alignment ensures that Apptio cloud services have the requisite and appropriate security controls in place as defined in the ISO/IEC 27001 standard.
Apptio adheres to ITIL principles and practices for managing and supporting our SaaS environment. Leveraging process automation and other ITIL best practices, we are well-positioned to enforce IT service management for our cloud services and customers.
General Data Protect Requirements (EUGDPR)
Apptio is developing a strategy to meet the compliance requirements for the EU GDPR by the 2018 deadline. Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (EU GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018. Key changes under the GDPR will affect almost all businesses. The rights of EU citizens to control their personal details will be enhanced and new unified obligations will be placed on those dealing with personal data.