Security at Apsis
Apsis' commitment to you
Here at Apsis, we understand how critical it is to keep both your data and ours secure and private — safeguarding not just daily operations, but also the trust you place in us.
As a company that handles valuable data, we take our responsibility seriously and lead by example. We make ongoing investments to embed security into every part of our operations, from how we design and develop our products to how we support our users.
Security built into every process — by design
A well-defined set of processes and measures helps us deliver reliable solutions and ensures your information is handled responsibly.
We’re committed to staying ahead of potential risks, so you can count on products that prioritise your security and privacy by design. Our solutions are built to uphold the integrity, confidentiality, and availability of your data — every step of the way.
Our certifications
At Apsis, we observe key industry best practices and regulatory frameworks to protect your security and privacy.
We’re proud to be certified under ISO/IEC 27001:2022 and ISO/IEC 27701, two internationally recognised benchmarks for information security and privacy management. These certifications demonstrate our commitment to following rigorous protocols for protecting information assets and handling personal data responsibly.
In addition, efficy is fully compliant with the GDPR and NIS 2 Directive, underscoring our alignment with the European Union’s stringent cybersecurity and privacy requirements.
We also ensure that our Software Development Life Cycle (SDLC) adheres to established industry standards, including OWASP, CIS and CSA.
Our ISMS and the security mission that drives it
Apsis and our parent company efficy have established a comprehensive Information Security Management System (ISMS).
This system is both a testament to our commitment to data protection and a strategic, operational framework that integrates risk management, compliance, and continuous improvement.
The overall goal of Apsis and efficy’s ISMS is to protect, detect, identify, respond to, and recover from threats to the confidentiality, integrity, and availability (CIA) of information, information systems, and products at three layers: physical, personal, and organisational.
Our ISMS is more than just a set of standard policies and best practices — it’s a tailored system of security and privacy controls designed around efficy’s specific operational needs.
We’ve captured this commitment in our efficy Security Mission: SAFEGUARD EFFICY INFORMATION AND OPERATIONS. SUPPORT DEVELOPMENT AND OPERATIONS OF SECURE SOFTWARE.
Apsis and efficy have established a cross-functional security organization led by the Chief Information Security Officer (CISO) and supported by dedicated DevSecOps engineers and representatives from multiple departments across the company.
Apsis and efficy have appointed a dedicated Chief Information Security Officer (CISO) with expertise in cybersecurity, as well as a dedicated Data Privacy Officer (DPO). Both serve as cross-functional advocates for data privacy and information security across the organization.
Apsis and efficy have made significant investments to deploy and integrate specialised security tools that cover a wide range of areas, including:
• Compliance
• Identity and Access Management (IAM)
• Endpoint Detection and Response (EDR)
• Intrusion Detection Systems (IDS)
• Static Application Security Testing (SAST)
• Vulnerability Management (VM)
• Third-party application management
We also maintain specific cybersecurity insurance coverage as an added layer of risk management.
Our risk management process is a cornerstone of Apsis and efficy’s security posture. It begins with an annual threat and risk analysis for each product line, enabling us to identify emerging risks and vulnerabilities within the evolving digital landscape.
This is complemented by regular risk assessments integrated into our project management processes, which allow us to continuously evaluate potential impacts on our systems and services.
Throughout the year, external audits are conducted by a range of stakeholders, including investors and key customers, providing valuable, multi-faceted insights into our security practices.
We also perform internal audits, and together, these activities culminate in an annual management review, where we rigorously evaluate results and identify areas for improvement.
Secure management of third-party suppliers is a key part of our security strategy. This includes regular security audits, robust access controls, and secure integration processes where necessary.
We also continuously monitor our third-party landscape to prevent the use of non-approved parties, supported by ad hoc tools and formal approval processes.
We believe that a strong security culture is fundamental to the success of our ISMS. To this end, we run a multi-tiered awareness program designed to educate and empower our employees at all levels of the organization.
This program includes general security training for all employees, monthly sessions for our Security Ambassador Network, and specialised, role-specific training for technical roles.
Apsis and efficy place a strong emphasis on identity governance and management.
Our identity framework enforces strict access controls to ensure that only authorised personnel can access specific systems and data. By applying principles like least privilege access, zero trust, and role-based permissions, we minimise the risk of unauthorised access and data breaches.
Apsis and efficy employ robust mechanisms to classify, store, and protect information throughout the data management lifecycle. We use automated tools to monitor data flows, detect anomalies, and enforce data protection policies in real time.
Additionally, we conduct regular data audits and implement encryption protocols to safeguard sensitive information, ensuring both its integrity and confidentiality.
To learn more about these practices, visit our Trust Center.
For additional information on privacy compliance, please see our Privacy section.