Apsis International AB is committed to providing services with industry-leading data privacy, security, governance and controls.
This section of the Knowledge Base documents our security posture and the compliance measures we take to handle our customers' data in a secure, trusted and reliable manner in our APSIS One product.
APSIS follows the Cloud Security Alliance's best practices for security and compliance documentation.
Cloud Security Alliance (CSA) is a non-profit organisation with a mission to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.”
The Cloud Controls Matrix (CCM) is a meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organisations with the needed structure, level of detail and clarity relating to information security and cloud computing. APSIS accepts the CSA CCM as a de facto standard for cloud security assurance and compliance.
The Consensus Assessment Initiative Questionnaire (CAIQ) offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services. It provides a set of Yes/No questions a Cloud consumer and auditor may wish to ask of a Cloud provider to ascertain their compliance with the Cloud Controls Matrix (CCM). It therefore helps Cloud customers gauge the security posture of prospective Cloud service providers and determine whether their services are suitably secure.
APSIS has completed and published its CSA CAIQ self-assessment as shown below, split into two separate documents: one that covers the company-wide standard practices and processes, and another that specifically covers the controls in APSIS One:
- Company-wide Apsis Organisation CAIQ self-assessment
- APSIS One Product-specific CAIQ self-assessment
Data Processing in APSIS One
Describes the collection of data in the Subscription Service and clarifies the mechanisms and the responsibilities of APSIS and the Customer for processing such data.
- APSIS One Architecture provides a high-level overview of the technology and architecture employed in APSIS One.
- APSIS One Standard Service Limits describes the standard service limits in APSIS One. Customers may have bespoke service limits agreements as part of their license.