Your Trust In Aggua

Aggua maintains its SOC 2 Type II report, covering many customer configurations. Contact Sales for availability.

Aggua follows a commitment to information security at every level of our organization. Our security program is in accordance with industry-leading best practices.

Aggua has implemented a GDPR (General Data Protection Regulation) readiness program that has been assessed by a Big Four accounting firm. This program includes appointing a Data Protection Officer (DPO), putting measures in place to identify and delete private data, ensuring all subcontractors are compliant, and updating Terms and Conditions, Privacy Policy, and Data Processing Addendum (DPA).

Aggua hosts all of its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 13 and ISO 27001. View Amazon’s compliance and security documents for more detailed information.

Aggua maintains an ISO 27001 certification, applicable for many customer configurations. Contact Sales for availability.

All customer data (including recordings and transcripts) is encrypted at rest and in transit.

System passwords are encrypted using AWS KMS with restricted access to specific production systems.

Data access and authorizations are provided on a need-to-know basis and based on the principle of least privilege Access to the AWS production system is restricted to authorized personnel only.

Aggua hosts all of its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 13 and ISO 27001. View Amazon’s compliance and security documents for more detailed information.

Web application architecture and implementation follow OWASP guidelines. The application is regularly tested for common vulnerabilities (such as CSRF, XSS, SQL Injection).

In addition to Aggua’s extensive testing program, Aggua conducts application penetration testing by a third-party at least annually.

Aggua login requires strong passwords. User passwords are salted, irreversibly hashed, and stored in Aggua’s database. Audit logging allows administrators to see when users have last logged in and when passwords were last changed.

Access to Aggua applications is logged and audited. Logs are kept for at least one year.

Aggua maintains a formal incident response plan for major events.

Aggua maintains a publicly available system-status webpage, which includes system availability details, scheduled maintenance, service incident history and relevant security events.

Aggua maintains security policies that are maintained, communicated, and approved by management to ensure everyone clearly understands their security responsibilities. Aggua policies are audited annually as part of its SOC2 certification.

Code development is done through a documented SDLC process. Design of all new product functionality is reviewed by its security team. Aggua conducts mandatory code reviews for code changes and periodic in-depth security reviews of architecture and sensitive code. Aggua development and testing environments are separate from its production environment.