Apiphany is a software company that builds the world's leading software for data-driven decision-making for physical products. We work with clients in the most secure and highly regulated manufacturing companies and build software for their most sensitive data. Today, security remains the cornerstone of our product development, company culture, and internal operations.
Apiphany cares deeply about the security outcomes of our clients, and we’re committed to transparency about our security practices and program. We stand resolute in continuously improving our security, data protection, and privacy controls to give you the most effective means of protecting your data possible.
Apiphany goes a step beyond by aligning with industry-leading standards like SOC 2 Type II, ISO/IEC 27001:2022, NIST, GDPR, and CCPA to protect sensitive data and operations.
Apiphany is SOC 2 Type II certified, ensuring compliance with AICPA standards for security, availability, and confidentiality. This assessment validates Apiphany’s controls for data protection, access management, and system integrity, reinforcing its commitment to enterprise security.
Apiphany is fully compliant with NIST SP 800-171, meeting 110 security controls to safeguard Controlled Unclassified Information (CUI). This framework ensures data confidentiality and integrity across areas like access control, configuration management, and incident response.
Apiphany offers multiple deployment methods, including Azure Government Cloud and AWS GovCloud (US), to provide a secure, isolated environment for managing sensitive and regulated data.
Government Cloud meets the stringent standards required by U.S. government agencies, ensuring compliance with federal regulations while delivering robust security measures to protect your data. Apiphany works with Secureframe to certify our compliance and conduct regular up-to-the-minute performance checks to ensure the highest standards. To see detailed information.
Apiphany is compliant with ISO/IEC 27001:2022 — the most current internationally recognized standard for information security management systems (ISMS). This certification demonstrates our dedication to protecting sensitive data, managing risk proactively, and continuously improving our security practices. By aligning with ISO/IEC 27001, we ensure that our processes, infrastructure, and policies meet rigorous global standards, giving our clients confidence that their information is handled with the utmost integrity and security.
Apiphany restricts access to production systems and data to authorized personnel using unique credentials, multi-factor authentication, and encrypted connections. Network segmentation, firewalls, and strict access controls protect customer data, with clear procedures for onboarding, revoking access, and ensuring compliance. For more information, contact Apiphany directly.
Apiphany enforces security through background checks, annual training, asset inventories, and mobile device management. Visitor procedures and secure media disposal are standard, with anti-malware protections and password policies ensuring compliance.
Apiphany ensures product security through encryption of sensitive data at rest and in transit, regular penetration testing, and continuous vulnerability management. Annual control assessments and system monitoring ensure policies are effective and updated as needed.
Apiphany has internal security measures in place, including Business Continuity and Disaster Recovery plans, risk assessments, and vendor management programs. Change management, configuration consistency, and a formal development lifecycle ensure operational stability, while access to sensitive systems and data centers is tightly controlled and reviewed regularly. Incident response plans are documented, tested annually, and communicated effectively, alongside policies for vulnerability management and risk mitigation.
Apiphany upholds strict data retention and classification policies to safeguard customer information. Data is securely retained and disposed of according to formal procedures, while a classification policy ensures confidential data is protected and accessible only to authorized personnel. Role-Based Access Controls (RBAC) are enforced across all infrastructure, tools, and data sources, following the principle of least privilege to ensure users have only the minimum access necessary to perform their responsibilities.
Considering the legal, regulatory, contractual, and other requirements, the ISMS scope is defined as specified in the following items:
Independent third-party auditors perform Apiphany’s certifications. Apiphany’s compliance with these internationally recognized standards and code of practice is evidence of Apiphany’s commitment to information security at every level of the organization, and that the Apiphany security program is in accordance with industry-leading best practices.