Security for Your Protection
Innovation is built on trust, and trust begins with transparency. You can rely on Apptio to deliver first-class applications while handling your data with the utmost care and security. We design every aspect of our business to earn your trust.
Apptio recognizes that data location plays an important role for companies with a global presence. All Apptio data centers are first-class Tier 3 and Tier 4 data centers that provide advanced security and environmental protection. Some of our products use Amazon Web Services (AWS). Apptio data center providers (including colocation facilities and AWS) hold industry certifications such as SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, etc.
- EU (Frankfurt) Region
- EU (Amsterdam) Region
- EU (Ireland) Region
- Asia Pacific (Sydney) Region
Apptio implements technical controls to ensure that customer data is protected from compromise and unauthorized access, such as:
Apptio regularly performs penetration tests and vulnerability scans to ensure that our systems remain in a secure state at all times. Penetration tests are carried out by our internal information security team as well as by leading security firms. Customers can request a summary of these penetration tests and web application vulnerability scans.
Report any suspected malicious activity or potential unknown security vulnerabilities to email@example.com so that we can respond promptly.
Protecting your data is Apptio’s highest priority. This commitment is reflected in how we develop and operate our services, and it extends to our employees, our security policies, and our promise to support you with secure practices when implementing and using our products.
Confidentiality and InfoSec
Apptio requires all employees and contractors to sign and comply with non-disclosure agreements and to follow our information security policies.
Apptio provides all new employees with training on our information security practices and policies during onboarding. Annual refresher courses are also offered to keep employees up to date. In addition, Apptio developers are required to attend dedicated hands-on secure coding training every year.
In accordance with the principle of “least privilege”, data is accessible only to authorized Apptio employees who need access to it to operate the service. Customer data is shared with third parties only in connection with providing services to you and only in accordance with your business agreements with Apptio.
This Policy describes: (1) the types of Personal Information we may collect; (2) the purposes for which we collect Personal Information; (3) the parties with whom we may share this information; (4) your rights and choices; (5) how to contact us with your questions or concerns; (6) and the measures we take to protect Personal Information.
2. Personal Information We May Collect or Receive
Depending on the context in which you interact with us, we may collect or receive the following types of information, including Personal Information, from and about you:
- When you submit requests or post materials or inquiries on our Website (including when registering for content such as whitepapers and requesting additional information, services, or support from us), we may collect your name, title, company name, address, phone number, and e-mail address, and certain company information.
- When you correspond with us via email, we may collect the Personal Information included in your e-mail.
- We may obtain Personal Information from third party business partners such as the contact details of prospects and sale leads from our resellers.
- Any Personal Information you submit in a bulletin board or chat room on our Website.
- Any Personal Information you submit there will be posted online and can be read, collected, or used by other website visitors of these forums. We are not responsible for third party use of the Personal Information you choose to submit in these forums. We also reserve the right, at our sole discretion, to remove any content you may post on our Website.
- Like many websites, we use “cookies” to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser. If you have provided your name or other contact information to us via a web form, we are able to link that information back to the cookie. Using cookies makes it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Website previously. This information may also be used to provide you with information that we believe to be relevant to you based on your actions on our Website.
We may collect Personal Information from our existing and prospective Customers, vendors, and partners:
- When Customers register to use the Software Services (and related services, such as training and customer support), we require them to provide us with contact information (such as name, company name, phone number, and e-mail address). They may voluntarily decide to communicate additional Personal Information (such as title, department name, fax number, and additional company information, such as mailing address, annual revenues, number of employees, or industry). We will use the email address provided during the registration process to generate a username and temporary password for Customers. Customers will be invited to log in to change their password.
- We collect information about Customers’ use of the Software Services, including in a log file (e.g., when a user logs in and their use of the system).
- With Customers’ consent, we may post Customers’ testimonials, which may include Personal Information such as their name, on the Website about their use of the Software Services.
- Customers’ contact details to send them information about our products or services.
- Personal Information of Vendors’ and Partners’ Employees as provided by Vendors or Partners for purposes of the vendor’s services or in furtherance of the relevant partner relationship.
3. How We May Use Personal Information
We may use the information that we collect about you or that you provide to us, including any Personal Information, in the following ways:
- We use data we collect to provide the Website and Software Services that we offer. This includes operating, maintaining, and providing you with all the content and features of the Website and Software Services.
- To inform you about Apptio and our products, services and partners, including to send you marketing promotions.
- To diagnose and resolve issues with and otherwise improve our Website or Software Services.
- To protect the security of our services, employees and users, detect and prevent fraud, and to resolve disputes.
- To send administrative information to you, for example, information regarding the services and changes to our terms, conditions, and policies of our Website and Software Services.
- To carry out our obligations and enforce our rights arising from any agreements between you and us.
- To understand usage patterns on the Website and Software Services.
- To set up the Software Services for individuals and their organizations.
- In connection with prospective service engagements, partnerships or vendor relationships.
4. How We May Share Personal Information
We may disclose your Personal Information as follows:
- To our affiliates or subsidiaries as necessary to provide our products and services.
- To our service providers in support of our business. We do not authorize these service providers to use or disclose your Personal Information except as necessary to perform certain services on our behalf or comply with legal requirements. We require these service providers to safeguard the privacy and security of personal information they process on our behalf.
- To an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- We may disclose your Personal Information to our private equity sponsor, Vista Equity Partners. See further details below in section 10.
We do not share your Personal Information with third parties or unaffiliated companies for their marketing purposes unless you opt in to that sharing.
5. Your Rights and Choices
We seek to provide you with choices regarding the Personal Information you provide to us.
- Marketing communications from Apptio. If you do not wish to receive e-mail marketing communication from us, you can opt out by sending an email to firstname.lastname@example.org. You can also unsubscribe from e-mail marketing communications by following the instructions contained in the marketing messages you receive. Even if you opt out or unsubscribe, we can send you certain communications relating to the Service, such as administrative messages that are considered part of your account membership. You cannot opt out of receiving those messages. Where required under applicable law, we will only send you marketing communications with your consent.
- Right of access, deletion, correction of your Personal Information. Subject to applicable law, you may have the rights to request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, and have the information blocked or deleted, as appropriate. These rights may be limited in some circumstances by local law. To exercise these rights, please contact us as set forth below in the how to contact us section.
- Customers account information. You can update, edit or remove your account information at any time by logging into the Website.
- If you are a California Resident, see Your California Privacy Rights below at section 7.
- If you are in the EU, see the GDPR below at section 6.
You can choose not to provide us with your Personal Information, but if you do not provide us with your Personal Information when we request it, we may not be able to provide you with our full range of products and services, or provide a service appropriately tailored to you.
The EU General Data Protection Regulation (“GDPR”) went into effect on May 25, 2018 and ushered in the most sweeping set of data protection, privacy and data transfer regulations to date. If a company uses third party data processors to collect, transmit, host or analyze personal data of EU citizens, the GDPR requires the company to use processors who guarantee their ability to implement the technical and organizational requirements of the GDPR.
The Apptio branded products, and the processing of customer data within the Apptio branded products, are compliant with the GDPR. To formalize this commitment, we have added the Apptio EU General Data Protection Regulation Provisions to our contractual commitments to our customers. Among other things, these terms obligate Apptio to:
- Process personal data based on customer instructions or applicable laws
- Ensure that personnel accessing personal data are subject to confidentiality duties
- Apply technical and administrative measures to protect personal data
- Assist customers in responding to requests from individuals about their personal data
- Assist customers in fulfilling their legal duties including regarding notification of data breach
- Delete personal data at the conclusion of the contracted services except where retention is required or permitted by law
- Provide customers with information required to fulfill regulatory and audit obligations
- Obtain customer consent when engaging a subprocessor to process personal data in connection with the Apptio branded products. If you are a current customer you are invited to review the list of subprocessors available and obtain updates via the mechanism described on that page.
We encourage you to review these commitments. They represent a coordinated effort within Apptio to ensure we not only comply with applicable regulation, but also that we maintain our ongoing compliance, security and privacy efforts in general. We consider the GDPR to be a welcome development and look forward to our continued collaboration with our customers and suppliers towards ensuring the regulations and principles they represent are observed.
7. Your California Privacy Rights
This section provides additional details about the personal information we may collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA”.
We share this information with the categories of third parties described in the How We May Share Personal Information (Section 4) above. Apptio does not sell (as the term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we may use third-party cookies for our advertising purposes as further described in section 15 below.
Subject to certain limitations, the CCPA provides California consumers a number of rights, specifically:
- the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information);
- to delete their personal information;
- to opt out of any “sales” that may be occurring; and
- to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us as set out in the How to Contact Us section below.
We will verify your request using the information we currently hold about you, including email address. Further information may be required in order to identify you. Consumers can also designate an authorised agent to exercise these rights on their behalf.
8. Data Security
We take reasonable steps given the context of the engagement in which data is provided to protect your Personal Information from loss, misuse, interference, unauthorized access, disclosure, alteration, and destruction. However, the security of information transmitted through the Internet can never be guaranteed and is not entirely within our control.
Where you receive a password for access to certain parts of our Website or the Software Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
9. Cross-Border Data Transfers
To offer our services, we may need to transfer your personal information among several countries where we have employees, facilities or service providers, including the United States, where we are headquartered. By using the Software Services or otherwise providing Personal Information to us, you consent to the transfer of Personal Information to countries outside of your country of residence, including the U.S.
10. Apptio’s Private Equity Sponsor
11. Links to Other Websites
Our website may contain links to websites of third parties who: (1) are not affiliated with us; (2) are outside our control; or (3) are not covered by this Policy (“Third-Party Websites”). Links provided to Third-Party Websites on our Website are provided only as a convenience to you. The inclusion of any link does not imply its reliability or an endorsement by us of the content or security. We are not responsible for the privacy practices of Third-Party Websites, which may collect and use information from you in a manner different than how we do so. Accordingly, the use of such Third-Party Websites is entirely at your own risk. For relevant information, you should review the privacy statements or policies of any Third-Party Websites before using them. Other parties may collect information about your online activities over time and across different websites when you use our Site or Services.
12. Changes to Our Policy
We reserve the right to modify this Policy at any time, so please review it frequently to see when the Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on our Website or via the Software Services. Your continued use of the Website or Software Services is deemed to be acceptance of such changes, to the extent permitted under applicable law.
This Site is not designed to collect Personal Information from children who are under 13 years of age. We do not intend to or knowingly collect such information.
14. Do Not Track Disclosures
15. Cookies and Web Beacons
Web beacons (also known as internet tags, pixel tags, and clear GIFs) are clear electronic images that can recognize certain types of information on your computer, such as the type of browser used to view a website page, when you viewed a particular site linked to the Web beacon, and a description of a site tied to the Web beacon. Certain pages on our Website may contain such Web beacons, which Apptio uses to operate and improve the Website.
How to Control Cookies?
Apptio complies with privacy laws that control cookies for users throughout the world, including the EU. Those users can modify their cookie settings when they first visit our website, or by accessing their cookie settings. For all other users, by using this Website, you agree that we can place cookies on your computer or device as explained above. However, you can stop cookies being downloaded to your computer by selecting the appropriate settings on your browser. Most browsers will allow you to see what cookies you have and delete them on an individual basis or block cookies from particular or all websites. Be aware that any preference you have set will be lost if you delete all cookies, including your preference to opt-out from cookies as this itself requires an opt-out cookie to have been set. For more information on how to modify your browser settings to block or filter cookies, see http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/.
Please bear in mind that removing or blocking cookies can affect your user experience and without cookies, you may not be able to take full advantage of our Website features.
We may modify or amend this Cookie information from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended information shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Cookie section to be informed about how we are using cookies.
16. How to Contact Us
If you have questions about this Policy, the Website or the Software Services, would like to opt out from certain services, or to exercise your rights, contact us at:
- Via email at email@example.com; or
- Via mail at Apptio, Inc., 11100 NE 8th Street, #600, Bellevue, WA 98004
- Via Telephone on the contact number(s) set out on our website
Apptio’s information security team, legal department, and internal compliance/audit department all work together to ensure that industry best security practices are followed. Apptio’s Software-as-a-Service (SaaS) environment follows strict policies to protect the confidentiality, integrity, privacy, and availability of your data.
Compliance and Certifications
We also work with independent auditors and penetration testers to verify that Apptio has the appropriate security controls in place to protect the customer data entrusted to us.
SOC2 Type II and SOC3 Report
SOC (System and Organization Controls) reports are independent third-party examination reports that show how Apptio achieves key compliance controls and objectives. The purpose of these reports is to give you and your auditors an understanding of the Apptio controls established to support operations and compliance. Apptio cloud services have been successfully audited in accordance with AT 101 and the Trust Services Principles for design and operational security. For more information on the AICPA and SOC standards, see the following link: http://www.aicpa.org/soc4so
To obtain a copy of our SOC3 report, click the following link:
Download the Apptio SOC3 report
Apptio is certified to ISO27001:2013 and meets all associated requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This alignment ensures that Apptio cloud services have the necessary and appropriate security control and management program defined in the ISO/IEC 27001 standard.
Apptio is one of a select group of SaaS providers that have received FedRAMP certification under the Authorization to Operate (ATO) of the Joint Authorization Board (JAB). Apptio’s FedRAMP environment provides dedicated infrastructure (facilities, servers, databases, network devices) installed in the continental United States (CONUS) for government agencies that subscribe to our SaaS TBM (Technology Business Management) solutions.
Cloud Security Alliance: STAR Level One Certification
Our Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) contains information on how Apptio cloud services meet the security, privacy, compliance, and risk management requirements defined in CSA CCM version 3.0.1.
Apptio meets the compliance requirements of the European Union’s GDPR. Four years after the revision of European data protection law began, the final text of the new General Data Protection Regulation (GDPR) was approved in spring 2016 and went into effect in May 2018. Apptio respects the rights of EU citizens to control their personal data.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), passed in 2018, creates new consumer rights relating to access to, deletion of, and sharing of personal information collected by businesses. Apptio complies with the California Consumer Privacy Act. Apptio grants California consumers additional rights, which are set out in full in our privacy policy and in the agreements we have made with our suppliers and customers. Apptio respects the rights of California consumers to control their personal data.
EU-US Privacy Shield
Apptio complies with the EU-US Privacy Shield Framework, as set forth and certified by the US Department of Commerce, regarding the collection, use, and retention of personal data transferred from the European Union to the United States.
Apptio adheres to ITIL principles and practices for managing and supporting our SaaS environment. By using process automation and other ITIL best practices, we are well positioned to enforce IT service management for our cloud services and customers.