Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items

Overview

The Appfire Trust Center connects you to the latest information on the security, privacy, and compliance of our uniquely positioned products and services, to give you the comfort and trust you need when buying and using any Appfire app.

Appfire is certified under ISO 27001 and ISO 27017, and have also completed our SOC 2 audits.

Requesting full access will give you access to NDA protected content. Subscribing will provide you with notifications of future updates.

Compliance

CCPA Logo
CCPA
EU-US DPF Logo
EU-US DPF
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27017 Logo
ISO 27017
SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information
Ask for information
Pentest Report
ISO 27001
ISO 27017
CAIQ Lite
SIG Lite
Data Processing Agreement
Data Security Policy
Network Diagram
Other Reports
Security Whitepaper
Vulnerability Assessment Report
ISO 27001 SoA
SOC 2
Cyber Insurance
Modern Slavery and Human Trafficking Statement
TIA - Supporting Information for Customers
Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Sanitization Policy
Encryption Policy
End User Policy
General Incident Response Policy
IMS Policy
Information Security Policy
Internal and External Communication Policy
Network Security Policy
Other Policies
Password Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
Third Party Personnel Policy
Vulnerability Management Policy
Appfire Technologies, LLC W-9

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective24 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Network Diagram
Other Reports
Pentest Report
View more

Self-Assessments

CAIQ Lite
SIG Lite
VSA Core

Data Security

Backups Enabled
Data Erasure
Encryption-at-rest
View more

App Security

Responsible Disclosure
Code Analysis
Software Development Lifecycle
View more

Data Privacy

Cookies
Privacy Policy
TIA - Supporting Information for Customers

Access Control

Data Access
Logging
Password Security

Infrastructure

BC/DR
Separate Production Environment

Endpoint Security

Disk Encryption
Endpoint Detection & Response

Network Security

Data Loss Prevention
Firewall

Corporate Security

Email Protection
Employee Training
HR Security
View more

Policies

Access Control Policy
Anti-Malicious Software Policy
Asset Management Policy
View more

Security Grades

Qualys SSL Labs
appfire.com
A+

Trust Center Updates

Appfire SOC 2, Type II Audit Completed!

ComplianceCopy link

🔒 We’re proud to share some exciting news… Appfire hasc ompleted our SOC 2, Type II audit!

As we continue to prioritize the security of our technology, this latest recognition further demonstrates Appfire’s commitment to security and compliance for our customers, prospects, partners, and team members.

Learn more: https://bit.ly/3SJJN3z

Get it here: https://trust.appfire.com/?itemUid=7bfa66da-33ab-49de-8391-e329738a1ae9&source=click

Published at N/A

Appfire 2024 CAIQ-Lite & SIG-Lite released

ComplianceCopy link

Hi all,

Appfire is happy to announce we have released our updated 2024 CAIQ-Lite and SIG-Lite questionnaires. We've made a lot of improvements in the last year, including obtaining ISO 27001 and ISO 27017 certifications and completing SOC 2 audits, and these changes are now reflected in our questionnaires.

CAIQ-Lite

SIG-Lite

On a separate note, we have completed our new SOC 2, Type II audit and are expecting the final report any day. Our results were excellent and we'll send out an update on the Trust Center once it is available.

In addition, we are actively working on our penetration tests and have been updating new test results on an ongoing basis. In 2024 we've decided to test all of our apps twice a year vs. annual testing. This has resulted in Appfire bringing on a new vendor who can support the volume since we will be testing hundreds of apps every 6 months. Thank you for your patience as we roll this out. If you have a specific app or apps you would like us to prioritize, please reach out.

Thanks again for your trust,

Douglas J. Kersten CISO Appfire

Published at N/A

Appfire Security Advisory CVE-2023-22515

IncidentsCopy link

Broken access control vulnerability in Confluence Data Center and Server

Background Atlassian has released a critical security advisory regarding CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server. This note summarizes how this vulnerability affects Appfire applications, systems, and data and what mitigation steps Appfire is undertaking to minimize the impact.

Appfire applications affected by CVE-2023-22515 No Appfire applications are directly affected by, or contribute to the likelihood or impact of, this vulnerability. The risk is confined to the underlying Confluence Data Center and Server instances and their installed apps. The risk remains the same, regardless of which Appfire applications are installed. Since it is an elevation of privilege vulnerability, it is possible for adversaries to create admin-level accounts in Confluence that will allow them full access to install or remove all marketplace apps, as well as allow access to the administrative functions of any installed apps in the affected instance of Confluence.
Appfire corporate Confluence sites affected by CVE-2023-22515 All Appfire Confluence DC and Server sites have been evaluated and any identified risks mitigated.

CVSS 10: URGENT ACTION REQUIRED Clients running affected Confluence Server or Data Center are advised to urgently upgrade to a non-vulnerable version of Confluence Data Center or Server. Furthermore, investigate if escalated privilege or suspicious accounts have been created and used

References: Atlassian Security Advisory for CVE-2023-22515 Atlassian security advisories

Published at N/A

Appfire is Not Affected by MOVEit Vulnerabilities (CVE-2023-35708)

IncidentsCopy link

Appfire is Not Affected by MOVEit Vulnerabilities (CVE-2023-35708)

Our security team has recently been made aware of a notable vulnerability associated with the MOVEit application from Progress Software. After an extensive review, we have determined that our products and corporate infrastructure do not use or incorporate the affected technology/software.

Published at N/A

Appfire Sub-processor List Updated - 6-9-2023

SubprocessorsCopy link

Hi all,

Appfire has updated our Sub-processors' list as of June 9, 2023. Please, see the updated list on our Trust Center.

Thank you,

Appfire Legal Team

Published at N/A

Appfire Penetration Testing Attestation Letters Released

ComplianceCopy link

Hi all,

A typo in the link provided in the last update was brought to our attention.

Please use the link below to access Appfire's Attestation Letters:

Appfire Attestation Letters

Best Regards,

  • The Appfire Security Team
Published at N/A

Appfire has released 2022 penetration test attestation letters for its cloud based products and corporate domains. Appfire addresses all critical, high and medium findings identified during penetration testing.

Click here: Appfire Attestation Letters

Appfire is committed to maintaining a strong security posture to offer our customers peace of mind. Penetration testing is just one of the tools that we use to accomplish this. Our mission is to make sure you feel secure buying and using any of our products and services.

Thank you for being our customer and partner.

  • The Appfire Security Team
Published at N/A*

Welcome to the Appfire's Security, Privacy & Compliance Trust Center

GeneralCopy link

As an organization that is security and privacy conscious, we are excited to announce the official launch of the Appfire's Security, Privacy & Compliance Trust Center. By using this portal, you can request access to our compliance documents, review our standardized questionnaires such as the CAIQ-Lite and gain a general understanding of our security and privacy posture.

Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications for when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.

-The Appfire Security & Privacy Team

Published at N/A

If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo