Assurance Programs
-
CSA STAR
Applied Systems has been proactive in working with the Cloud Security Alliance whose mission is to promote best practice in the provision of security assurance within Cloud Computing. The CSA Security, Trust & Assurance Registry (CSA STAR) is a free, publicly accessible registry documenting security controls published by various cloud service providers, thereby helping users assess the security of Cloud services they use or are considering contracting with.
-
ISO
The International Organization for Standardization (ISO) is a self-governing, non-governmental entity and the largest creator of voluntary international standards globally. The International Electrotechnical Commission (IEC) is the foremost organization for creating and publishing international standards for electrical, electronic, and related technologies. These worldwide standards offer a structure for policies and procedures encompassing all legal, physical, and technical controls involved in an organization's information risk management processes and continual improvement of its security program.
Applied Epic, Ivans, Applied Mobile, Applied Marketing Automation, Applied CSR24, and Indio are certified as ISO/IEC 27001:2013 compliant. As a formal specification, the 27001 standard sets out requirements for implementing, monitoring, maintaining, and continually improving the ISMS. It also recommends a series of best practices, including documentation requirements, responsibility divisions, availability, access control, security, auditing, and corrective and preventive measures.
Customers may request Applied ISO certification by working with your account manager or by visiting Applied’s community site and going here: https://community.appliedsystems.com/s/article/24343
-
SOC 3
The SOC (System and Organization Controls) standards are owned and managed by the American Institute of Certified Public Accountants (AICPA). The AICPA is the world's largest association representing the accounting profession. It sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments.
A SOC 3 report is a general use report of the SOC 2 reports which covers how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality, and Privacy.
Applied Cloud is SOC 3 compliant. Read the report. -
SOC 2
The SOC 2 (Service Organization Control 2) is a type of audit or report which is delivered by a certified public accountant and designed to evaluate and ensure that a service provider securely manages data to protect the interests and privacy of its clients.
Applied Systems conducts SOC 2 Type 2 audits semi-annually within the Trust Services Criteria of security, availability, and confidentiality. Products within the Applied Cloud environment are in scope and include Applied Analytics, Applied Epic, Applied TAM, Applied Vision, DORIS, Applied CSR24, Applied Mobile, Applied Rating Services, and Ivans. Separate SOC 2 Type 2 reports are available for EZLynx and Indio products.
Customers may request Applied SOC 2 Type 2 reports by working with your account manager or by visiting Applied’s community site and going here: https://community.appliedsystems.com/s/article/24343
-
SOC 1
A SOC 1 (System and Organization Controls 1) is an audit report that evaluates the internal controls of a service organization that may impact its clients' financial reporting, although these controls can vary depending on the nature of the service organization. It's used because it provides assurance to the clients of the service organization that the company has robust and reliable controls in place.
Applied Systems conducts a SOC 1 Type 2 audit annually within the Trust Services Criteria of security, availability, and confidentiality. The Applied Epic product has its own SOC 1 report.
Customers may request Applied SOC 1 Type 2 report by working with your account manager or by visiting Applied’s community site and going here: https://community.appliedsystems.com/s/article/24343
Responsible Disclosures
We take security seriously at Applied Systems. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner by using the form linked below.