Overview

Apogy is a secure cloud-hosted SaaS application, administered through a responsive web-based portal and delivered as an HTML5 and native iOS application. All client data is encrypted and housed in a Virtual Private Network, with role-based access to all resources, using the services provided by enterprise-scale hosting infrastructure. In addition, all data transmission, both within the network and with clients, is secured over HTTPS and TLS connections.

Physical and Logical Security

Apogy is committed to security in our corporate and cloud services environments. Network security is achieved through the use of layered firewalls, advanced network design and network segmentation. High-availability firewalls are used to filter traffic between the web, application and data tiers. Apogy firewalls are configured consistent with National Institute of Standards and Technology (NIST) standards. All security devices and firewalls are monitored 24/7/365.

Data in transit and at rest are encrypted to provide optimal security. Data in transit is encrypted using Transport Layer Security (TLS) transmissions. Data volumes are encrypted in the production cloud services environment to protect against any unwarranted access to customer information as it passes through Apogy. Authentication data such as usernames and passwords will always be encrypted at rest and in transit, both inside and outside the Apogy application. Antivirus software is installed on all servers to scan data, attachments, etc. and to isolate or remove any viruses.

Access Control

Access to the Apogy cloud services environment by internal Apogy resources is strictly controlled and based upon roles. Requests for access are made in the Apogy access control system and require executive and operations approval. The access control system tracks and records the steps in the approval process. The Apogy cloud services environment runs on a network segregated from the corporate network and requires a separate set of credentials to be accessed.

Client Device and Website Security

Apogy website and client devices have the following controls:

  • Script attack prevention using built-in ASP.NET MVC mechanisms
  • Cross-site request forgery prevention using built-in ASP.NET MVC mechanisms
  • Anti-XSS library
  • Web-based admin control with fine-grained user policy management
  • All communication is tracked, logged, and analyzed
  • Vulnerability assessment

Compliance Programs

The Compliance Program enables customers to understand the robust security in place and then helps them streamline their compliance with industry and government requirements for security and data protection. The IT infrastructure is designed and managed in alignment with best security practices and a variety of IT security standards, including: