Access to Apiphany systems and sensitive information is strictly controlled:
- Need-to-Know Basis:
Access is granted only as required by role responsibilities. - Least Privilege Principle:
Employees are given the minimum access necessary to perform their job functions. - Multi-Factor Authentication (MFA):
All accounts use MFA, combining strong passwords with an additional verification step. - Vendor Access:
Third-party vendors do not have direct access to production environments.
Administrative roles are subject to additional layers of security. Access to production environments is logged, monitored, and regularly audited to maintain compliance and detect anomalies.
Protecting customer data is a top priority at Apiphany. All data submitted to our platform is treated as highly confidential and safeguarded through:
- Encryption:
Data is encrypted in transit and at rest using AES-256 and TLS. If encrypted communication is interrupted, the platform is rendered inaccessible to maintain security. - Access Controls:
Administrative credentials are protected with full-disk encryption, unique credentials for each workstation, and routine validation of access mechanisms. - Sensitive Data Tools:
Customers have access to tools for detecting and sanitizing sensitive data, such as personally identifiable information (PII), before it enters the platform.
Apiphany ensures that customer data remains within production environments unless explicitly required to support customer requests
Apiphany’s platform is built for reliability and scalability, leveraging the infrastructure of trusted CSP partners. Key measures include:
- Virtual Private Clouds (VPCs):
Internal systems are isolated within VPCs, with network access managed through predefined security group rules.
Apiphany employs advanced monitoring systems to oversee its infrastructure for potential security threats:
- Activity Logging:
Events such as API interactions and system calls are centralized and evaluated using custom rule sets designed to identify unauthorized or malicious behavior. - Automated Responses:
Detected anomalies trigger automated actions, such as security team alerts or additional user authentication. - Proactive Threat Management:
These measures ensure swift detection and resolution of security incidents.
To deliver high-quality services, Apiphany partners with third-party vendors while maintaining rigorous oversight. Our Vendor Management Program includes:
- Comprehensive Evaluations:
Each engagement is assessed for technical, administrative, and physical security controls. - Alignment with Standards:
Vendors must meet Apiphany’s security and privacy standards, ensuring their practices align with the expectations of our company and customers.
This program safeguards our operations and protects sensitive customer information.