Appara has been audited for compliance with ISO/IEC 27001:2013 Information Security Management Standards and ISO/IEC 27018:2014 Code of Practice for Protecting Personal Data in the Cloud by an accredited third-party certification body, providing independent validation that applicable security controls are in place and operating effectively. By following the standards of ISO/IEC 27001 and the code of practice embodied in ISO/IEC 27018, Appara demonstrates that its privacy policies and procedures are robust and in line with its high standards.

ISO certification is an ongoing process. We have third-party reviews every year to remain certified and demonstrate continual improvement of our organization’s information security management system.

Appara employs stringent controls and policies to ensure that we provide the strongest security for our customers. Our underlying Microsoft Azure infrastructure holds many security standards including SOC 1, SOC 2, PCI-DSS and EU-US Privacy Shield framework.

In addition to leveraging security and compliance standards by partnering with the Microsoft Azure platform, Appara holds the following certifications: ISO/IEC 27001:2013 and ISO/IEC 27018:2014.

‍Appara employs the latest in automatic backup technology that securely replicates your data in two Canadian Microsoft Azure data centers. Our disaster recovery plans are tested and audited as part of our ISO 27001 / ISO 27018 certification.

All Appara data and applications, including customer data, are stored on cloud services operated by Microsoft Azure. The Azure infrastructure is designed and managed according to security best practices as well as a variety of security compliance standards.

As an application operated on Azure, you can be assured that Appara is built on top of some of the most secure computing infrastructure in the world. Azure has a rich fabric of security documentation, showcasing its policies, best practices, and more. Learn more here.

Appara employs industry standard application security systems and practices. Some of the highlights include:

Regular Security Penetration Tests
Appara consults with leading cybersecurity experts that test our platform to ensure that it is secure from both internal and external threats.

Secure Software Development
Appara employs rigorous internal standards for code quality including internal review processes and a mandatory internal Secure Software Development training program.

Information Security in everything we do‍
Appara employs office access policies, multi-factor authentication for internal tools, company-wide device policies, criminal background checks for employees and contractors, as well as a regular Security Awareness Training program.