Blogs
Data Security and Certifications for Digital Adoption Platforms
Data Security

As more companies invest in Digital Adoption Platforms, many of their IT teams have questions about data security. How can you protect your data as you add tools on top of your existing software and processes? 

In this post we’re taking a closer what a Digital Adoption Platform is, what you need to know about how DAPs interact with data and what certifications you should look for from your DAP vendor. 

What is a Digital Adoption Platform and How Does it Handle Data? 

DAP is a software solution integrated on top of another software application which guides the users through walkthroughs, tasks and functions to save time and increase productivity. Digital Adoption Platforms aka DAP can be used to increase the adoption and usage of any web-based enterprise application or SaaS product.

One of the first questions people ask when demoing a solution like Apty is how will it handle my data? A well-designed DAP shouldn’t access or store your sensitive data from the host application.
For example, a common feature of a DAP is data validations. In Apty’s case this is the only time the software will analyze field inputs, but this process is performed in real time and the checked values are not collected and stored in the database. Apty only stores two types of data: 

  • Instructional content – the help content created in Apty.
  • Analytical data – Stats on how users interact with the help content you created. 

For more information on Apty’s data processing and security, see this support article

5 Certifications to Look for in a Digital Adoption Platform Vendor

  • PCI DSS 
  • ISO 27001 
  • SOC Verification
  • FIPS 140-2
  • FISMA 

In addition to reviewing the data security architecture, your IT team will most likely check to make sure a digital adoption solution has one or all of these key certifications: 

PCI DSS 

Payment Card Industry Data Security Standard(PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is an infosec standard given to organizations for handling branded credit card transactions, it applies to all the service providers and merchants who process and store the cardholder data. 

PCI standards is mandated by credit card companies to reduce credit card fraud and to increase the control over cardholder’s data for their protection. PCI standard is administered by the PCI security standards council, which is a global forum that helps payment industries to develop and integrate data security guidelines for safe payments all over the world. This is an important certification to have in a DAP organization or in any organization as it deals with the threats related to online frauds.

Apty has been validated and certified for Payment Card Industry Data Security Standard (PCI DSS) compliant technology as Level 1 service provider.

ISO 27001

ISO

ISO 27001 is an information security standard well known for providing requirements for ISMS (Information Security Management system). ISMS is an organized approach to manage confidential company information so that it remains secure. ISMS can help small, medium and large businesses of any sector keep information sources secure.

This information security standard specifies a management system that is considering in bringing security under the organizational control and gives specific requirements. Organizations that meet the requirements for the certification, will be accredited with ISO 27001 certification after the successful completion of an audit.

Companies opting for a Digital Adoption Platform (DAP) should verify for ISO 27001 certification as it is an important part of data privacy and security. Apty has achieved ISO 27001 certification covering all the data centers, Infrastructures and all the major cloud-based services.

SOC Verification

SOC

Service Organization Controls verification assists companies establish reliance and confidence in their service delivery processes and controls. The reports are analysed by a third party that should be a CPA (Certified Public Accountant). Apty as a company is SOC verified as it includes AWS which now publishes SOC.

FIPS 140-2

FIPS

The Federal Information Processing Standard (FIPS) is a mandatory standard for cryptographic systems used by Federal agencies to protect sensitive information, it is regulated by the U.S government.

Who wants or needs FIPS 140?

Federal agencies purchasing platforms like Digital Adoption which uses cryptographic systems need to look for the products which have gone through the FIPS validation process. Commercial and private companies too can go for FIPS validated product companies as the security standards are controlled by the U.S Government, Financial and Digital cinema industries also adopted FIPS as a standard for security products.

To support customers with a validated FIPS requirements, Apty has the Amazon Virtual Private Cloud VPN endpoints and SSL-terminating load balancers in Amazon Web services GovCloud (US) operating the FIPS 140-2 validated hardware. AWS provides the information for the customers to help manage compliance when using the AWS GovCloud (US) region of AWS.

FISMA 

FISMA

The Federal Information Security Management Act (FISMA) was part of eGovernment Act of 2002 which focused on recognizing the importance of Information security to the national security interests of the United States. The act called for federal agencies to develop and implement an agency wide program to provide security for the Information systems that supports the operations of the federal agencies, including those managed by other agencies or third-party sources.

Federal agencies looking for Digital Adoption Platforms must check for the FISMA compliance. Apty includes AWS which enables federal agency customers to sustain and fulfil compliance with the Federal Information Security Management Act (FISMA) which includes documenting all the company processes as well as the third-party audit of the established processes and jurisdictions.

Conclusion

Consider these certificates as the checklist when looking for a Digital Adoption Platform. Having these certificates makes a vendor an Enterprise ready solution. 

0 Comments
Blogs
Software...
It is common for business to spend indecent amount of dollars on...
2 July 2020 -
Best...
Since remote working is the new normal, every company is in the...
29 June 2020 -
A Complete...
Change is never easy. Moreover, it is unique to every organization....
24 June 2020 -
Beginner's...
When you have a necessity, you go past the tradition, overcome...
22 June 2020 -
14 Pillars...
Last year more than 73% of businesses failed to generate value out of...
19 June 2020 -
How to make...
Organizational Transformation is often met with resistance and the...
16 June 2020 -
Prosci...
In today’s hyper-competitive business world, organizations that adapt...
12 June 2020 -
What makes...
In 2011, the concept of a Digital Adoption Platform (DAP) for the...
11 June 2020 -
9 Change...
Businesses today are changing the way they work. An environment like...
9 June 2020 -
11...
It’s has been an unexpected year with one too many surprises, to put...
4 June 2020 -