Aptible streamlines the process of addressing security questionnaires and audits with its pre-configured Security & Compliance features. This guide will help you effectively showcase your security and compliance status for Aptible resources.

01: Define the scope

Before diving into the response process, it’s crucial to clarify the scope of your assessment. Determine between controls within the scope of Aptible (e.g., infrastructure implementation) and those that fall outside of the scope (e.g., employee training on compliance policies).

For HITRUST Audits, Aptible provides the option of HITRUST Inheritance, which is a valuable resource for demonstrating compliance within the defined scope. Refer to How to Request HITRUST Inheritance from Aptible.

02: Gather resources

To ensure that you are well-prepared to answer questions and meet requirements, collect the most pertinent resources:

  • For inquiries or requirements related to your unique setup (e.g., implementing Multi-Factor Authentication or redundancy configurations), refer to your Security & Compliance Dashboard. The Security and Compliance Dashboard provides an easy-to-consume view of all the HITRUST controls that are fully enforced and managed on your behalf. A printable report is available to share as needed.

  • For inquiries or requirements regarding Aptible’s compliance (e.g., HITRUST/SOC 2 reports) or infrastructure setup (e.g., penetration testing and host hardening), refer to our comprehensive trust.aptible.com page. This includes a FAQ of security questions.

03: Contact Support as needed

Should you encounter any obstacles or require further assistance during this process:

  • If you are on the Enterprise Plan, you have the option to request Aptible Support’s assistance in completing an annual report when needed.

  • Don’t hesitate to reach out to Aptible Support for guidance.

O4: Show off your compliance (optional)

Add a Secured by Aptible badge and link to the Secured by Aptible page to show all the security & compliance controls implemented: