Infrastructure security

Data centre security

The data centres for Apteco Cloud have certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015, and CSA STAR CCM v3.0.1. Physical access to data centres is controlled at building ingress points by professional security staff utilising surveillance, detection systems, and other electronic means.

Firewalls and Network

The Apteco Cloud network infrastructure is divided into 2 subnets:

  • Public

The gateway to Apteco Cloud is on the public subnet.

  • Private

The customer Apteco Cloud instances live in the private subnet.

Firewall security rules restrict incoming traffic to the public subnet, and between the public and private subnets. Public traffic is restricted to the using the HTTPS secure communication protocol. Further network security rules and practices are in place to further protect and limit access to Apteco Cloud systems. The Apteco internal networks are also protected using hardware and software firewall solutions from a global leader in cybersecurity, along with 24/7 monitoring and support.

Operating system security

The operating systems used to run Apteco Cloud systems are hardened to CIS Level 1 (Center for Internet Security), the recognised industry standard. The operating systems are regularly maintained with security patches etc. from the operating system vendor.

Maintenance and monitoring

Regular monitoring of Apteco Cloud takes place by Apteco Technical Services employees. This helps identify potential problems and ensure the smooth running of Apteco Cloud systems.

Vulnerability scanning

An independent third-party security consultancy scans the Apteco Cloud infrastructure and internal Apteco business systems every week.

Disaster recovery & business continuity planning

Apteco has practices and technologies in place to enable continued business activity in the event of a disaster.

Off-site and cloud-based backups equip all areas of the business so that they can continue working efficiently remotely in the event of loss of an office. This support function pairs programming and other development practices to have shared knowledge and avoid a single point of knowledge failure.