You are here

Trustworthy and Safe

Apptio’s world-class security measures are designed to protect and serve our customers

Secure Practices

The protection of your data is a top priority at Apptio, and the development and operation of our service revolves around that commitment. This includes our people, security policies and commitment to helping you implement secure practices when using our products.

Our People

At Apptio, we think comprehensively about security and our information security team is dedicated to protecting your data. The Information Security team is highly trained in all domains of security with expert knowledge in, and a working understanding of, security controls necessary to protect customer data. Our Information Security team members currently hold industry leading certifications that include:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • PCI Internal Security Assessor (ISA)
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH)
  • Information Assurance
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Internal Auditor (CIA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Healthcare Certified Information Security and Privacy Professional (HCISPP)
  • GIAC Security Essentials (GSEC)
  • GIAC Network Penetration Testing (GPEN)
  • ISMS Provisional Auditor

Apptio has a dedicated Information Security team that is responsible for security-related policies and programs including information security program management and oversight, which includes Threat and Vulnerability Management, Security Audit and Compliance, Information Security Awareness Training, Third Party Security Reviews, Apptio corporate security, Security Incident Response, day-to-day security and privacy oversight, and a critical input into Apptio’s internal Enterprise Risk Management program.

Apptio Policies & Practices

Apptio enforces certain policies and practices to govern the use and protection of customer data.

Confidentiality and InfoSec

Apptio requires all employees and contractors to sign and abide by non-disclosure confidentiality agreements, and to comply with our information security policies.


Apptio provides training to all employees on our information security handling practices and policies during their new hire orientation, with refresher courses given annually to keep staff current. In addition, Apptio developers are required to take specific secure coding practice training on an annual basis. As new threats emerge, or changes are made to our security practices, Apptio communicates the changes and educates employees in a timely manner.

Access to Data

The principle of “least privilege” is adhered to and data is accessible only to authorized Apptio personnel as required to operate the service. Customer data is only disclosed to third parties in connection with the provision of services to you, and only in accordance with your commercial agreements with Apptio.

Contractual Protection of Customer Information

Apptio includes provisions in our contracts to protect the information of our customers, prohibiting us from disclosure of customer data without written consent, except where required by law.

Security Best Practices for Apptio Customers

Apptio is committed to helping you adopt secure practices while utilizing our applications. Our Information Security Team is happy to engage with you to provide guidance and answer security and privacy-related questions.

Secure Authentication

Require your employees to set strong passwords with your Apptio instance, or integrate directly with your company’s infrastructure with our Single Sign-On (SSO) option.

Client Security

Secure your systems by keeping your browsers (Internet Explorer, Firefox, Chrome) up-to-date. Protect your desktop systems from attack by keeping your operating system and anti-virus systems current. Protect your employees from phishing attacks through email filtering and flagging as a trusted email source.

Role-based Access Controls

Take advantage of the role-based access controls in the Apptio platform to limit administrative, configuration, and report access only to appropriate individuals or groups in your organization. Coupled with SSO, you can leverage your existing internal access control groups in the Apptio platform.