Security & Compliance
Aptible empowers engineering teams to bring products to market faster by implementing and operating all of the rigorous infrastructure security controls required to comply with regulatory frameworks, like HIPAA, HITRUST, and SOC 2, and pass security audits.
🧠 Check out the Secured by Aptible page for a full list of security and availability controls provided by Aptible directly or through our infrastructure provider, AWS.
Security Questionnaires/Reviews
🏳️ Annual Security Questionnaires are only available on the Enterprise Plan.
You can request that the Aptible Support team complete an annual security questionnaire on your behalf, or use the following resources to answer security questionnaires yourself:
- Aptible's Conveyor Room: A secure way to access our Security FAQ and the following documents:
  - HITRUST Engagement Letter
  - HITRUST CSF Letter of Certification
  - HITRUST NIST CSF Assessment
  - HITRUST CSF Validated Assessment Report
  - SOC 2 Type 2 Report
  - SOC 2 Continued Operations Letter
  - Penetration Test Summary
Compliance
HIPAA
🏳️ HIPAA Compliance BAAs are only available on the Scale & Enterprise Plans.
Aptible takes care of all the required HIPAA controls, so you can instantly achieve HIPAA compliance. To comply with HIPAA, you must provision a Dedicated Stack for all Environments that process PHI and sign a BAA with Aptible. BAAs can be requested by contacting Aptible Support.
Resources:
- The Security and Compliance Dashboard: An easy-to-consume view of all the HIPAA controls that are fully enforced and managed on your behalf.
- Secured by Aptible badges
HITRUST
🏳️ HITRUST Inheritance is only available on the Enterprise Plan.
Aptible is HITRUST CSF Certified and offers HITRUST Inheritance to reduce the time and cost of your own HITRUST CSF Validated assessment. To comply with HIPAA, you must provision a Dedicated Stack for all Environments that process PHI and sign a BAA with Aptible. BAAs can be requested by contacting Aptible Support.
Resources:
- The Security and Compliance Dashboard: An easy-to-consume view of all the HITRUST controls that are fully enforced and managed on your behalf.
- Aptible HITRUST Shared Responsibility Matrix: A list of all the available HITRUST Inheritance Controls
- Aptible's Conveyor Room: A secure way to access the following documents:
  - HITRUST Engagement Letter
  - HITRUST CSF Letter of Certification
  - HITRUST NIST CSF Assessment
  - HITRUST CSF Validated Assessment Report
- Secured by Aptible badges
HITRUST Inheritance
Aptible is HITRUST CSF Certified. If you are pursuing your own HITRUST CSF Certification, you may request that Aptible's assessment scores be incorporated into your own assessment. This process is referred to as HITRUST Inheritance.
While it varies per customer, approximately 30%-40% of controls can be fully inherited, and about 20%-30% of controls can be partially inherited.
SOC 2 & Other Frameworks
Resources:
- The Security and Compliance Dashboard: An easy-to-consume view of all the HIPAA & HITRUST controls that are fully enforced and managed on your behalf. While these are currently the only supported scores, these controls often overlap with other compliance frameworks, like SOC 2 and ISO 27001.
- Aptible's Conveyor Room: A secure way to access the following documents:
  - SOC 2 Type 2 Report
  - SOC 2 Continued Operations Letter
- Secured by Aptible badges