
Security & Compliance

Aptible empowers engineering teams to bring products to market faster by implementing and operating all of the rigorous infrastructure security controls required to comply with regulatory frameworks, like HIPAA, HITRUST, and SOC 2, and pass security audits.

🧠 Check out the Secured by Aptible page for a full list of security and availability controls provided by Aptible directly or through our infrastructure provider, AWS.

Security Questionnaires/Reviews

🏳️ Annual Security Questionnaires are only available on the Enterprise Plan.

You can request that the Aptible Support team complete an annual security questionnaire on your behalf, or use the following resources to answer security questionnaires yourself:

  • Aptible's Conveyor Room: A secure way to access our Security FAQ and the following documents:
    • HITRUST Engagement Letter
    • HITRUST CSF Letter of Certification
    • HITRUST NIST CSF Assessment
    • HITRUST CSF Validated Assessment Report
    • SOC 2 Type 2 Report
    • SOC 2 Continued Operations Letter
    • Penetration Test Summary

Compliance

HIPAA

🏳️ HIPAA Compliance BAAs are only available on the Scale & Enterprise Plans.

Aptible takes care of all the required HIPAA controls, so you can instantly achieve HIPAA compliance. To comply with HIPAA, you must provision a Dedicated Stack for all Environments that process PHI and sign a BAA with Aptible. BAAs can be requested by contacting Aptible Support.

HITRUST

🏳️ HITRUST Inheritance is only available on the Enterprise Plan.

Aptible is HITRUST CSF Certified and offers HITRUST Inheritance to reduce the time and cost of your own HITRUST CSF Validated assessment. To comply with HIPAA, you must provision a Dedicated Stack for all Environments that process PHI and sign a BAA with Aptible. BAAs can be requested by contacting Aptible Support.

HITRUST Inheritance

Aptible is HITRUST CSF Certified. If you are pursuing your own HITRUST CSF Certification, you may request that Aptible's assessment scores be incorporated into your own assessment. This process is referred to as HITRUST Inheritance.

While it varies per customer, approximately 30%-40% of controls can be fully inherited, and about 20%-30% of controls can be partially inherited.

SOC 2 & Other Frameworks

Resources:

  • The Security and Compliance Dashboard: An easy-to-consume view of all the HIPAA & HITRUST controls that are fully enforced and managed on your behalf. While these are currently the only supported scores, these controls often overlap with other compliance frameworks, like SOC 2 and ISO 27001.
  • Aptible's Conveyor Room: A secure way to access the following documents:
    • SOC 2 Type 2 Report
    • SOC 2 Continued Operations Letter
  • Secured by Aptible badges

Learn more about Security & Compliance Controls on Aptible