Purpose

To define what a security audit is, and to outline how our platform is security audited.

More information

A security audit is an systematic evaluation of a company's information system to verify if it meets a set of established criteria.  Typically, an audit evaluates the physical, technical and software security practices of the system's physical configuration and environment. It examines the company's disaster recovery procedures. Finally, it assesses the company's user practices. 

As a SaaS (Software as a Service) company, any security audit must also verify the platform's stability and scalability and its software development practices. Three different types of security diagnostics are typically used:

  • security audit - measures a company's information system against a set of established criteria.

  • vulnerability assessment - seeks to highlight potential security weaknesses in the company's information system.

  • penetration assessment - a systematic covert evaluation, where the auditor attempts to attack the company's information system in order to highlight potential security weaknesses 

The key reasons that we conduct regular security audits on our information systems are:

  • To protect the data that is processed by Aphix on behalf of you and your customers

  • To identify potential security risks, so we can fix them before they happen

  • To maintain high quality - in particular, to verify that the processes and procedures in place are carried out by our staff consistently and to a high standard

As a company, Aphix are committed to providing you with a software platform that is as secure as possible.

Because of that, we have Technical and Organisational Standards that are followed by all employees. These standards cover Aphix employees' practices (including code development procedures), physical security, the technical security of the Aphix platform and what we do in an disaster recovery scenario, These are reviewed and updated regularly to reflect the current business environment. Additionally, our platform is externally audited each quarter, which provides an independent audit of our software and processes. Currently, there are no critical known security issues.

The Aphix platform runs on Amazon Web Services in a clustered, auto-scaling environment.  The current AWS Infrastructure provides a scalable model for the platform going forward into the future and has detailed performance and security monitoring running 24/7 to ensure smooth operation.

The Aphix SLA mirrors the AWS SLA with an uptime target of 99.95%. The recorded uptime for 2019 was above 99.95% including all planned maintenance windows.

Key points

  • Our platform undergoes security audit regularly.

  • We have standards and processes in place that we follow to protect data that Aphix process, to identify and fix potential security risks before they happen and to maintain high quality.