Security that truly protects you
Innovation depends on trust; trust begins with transparency. You can trust Apptio to deliver best-in-class applications while handling your data with the utmost care and security. Every aspect of our business is designed to ensure that trust.
Apptio recognizes that data location is an important factor for businesses around the world. All Apptio data centers are world-class Tier 3 and Tier 4 data centers offering advanced security and environmental protection. Some of our products use Amazon Web Services (AWS). Apptio's data center providers (including colocation facilities and AWS) hold industry certifications that include, among others, SOC1 Type II, SOC2 Type II, ISO27001:2013 and Cloud Security Alliance STAR.
- US West region
- US East region
- EU region (Frankfurt)
- EU region (Amsterdam)
- EU region (Ireland)
- Asia-Pacific region (Sydney)
Apptio implements technical controls to ensure that customer data is protected against compromise and unauthorized access:
Apptio regularly performs penetration tests and vulnerability scans to ensure that our systems consistently provide optimal security. Penetration tests are carried out by our dedicated internal information security team as well as by leading third-party security firms. Summary reports of these third-party penetration tests and web application vulnerability scans are available on request.
Please report any malicious activity or potential undiscovered vulnerabilities to firstname.lastname@example.org for a prompt response.
Protecting your data is a priority for Apptio, and the development and operation of our service are built around this commitment. This includes our employees, our security policies, and our commitment to helping you implement security practices when using our products.
Confidentiality and InfoSec
Apptio requires all employees and contractors to sign and comply with confidentiality and non-disclosure agreements as well as our information security policies.
Apptio trains all employees on our information security management practices and policies during new-employee orientation, with refresher courses given every year to keep staff up to date. In addition, Apptio developers are required to complete specific training on secure coding practices every year.
Data access
The principle of "least privilege" is followed, and data is accessible only to authorized Apptio personnel, as needed, to operate the service. Customer data is disclosed to third parties only in the course of providing services to you, and only in accordance with your commercial agreements with Apptio.
2. Personal Information We May Collect or Receive
Depending on the context in which you interact with us, we may collect or receive the following types of information, including Personal Information, from and about you:
- When you submit requests or post materials or inquiries on our Website (including when registering for content such as whitepapers and requesting additional information, services, or support from us), we may collect your name, job title/level, company name, address, phone number, e-mail address, country, and certain company information.
- When you correspond with us via email, we may collect the Personal Information included in your e-mail.
- Any Personal Information you submit in a bulletin board or chat room on our Website. Please note that any Personal Information you submit there will be posted online and can be read, collected, or used by other visitors to these forums. We are not responsible for third party use of the Personal Information you choose to submit in these forums. We also reserve the right, at our sole discretion, to remove any content you may post on our Website.
- When you visit our Website we collect certain information automatically. This includes device information such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, and browser type, and information about the actions you take on our Website, such as access times, pages viewed, links clicked, and the page you visited before navigating to our Website. We also use session replay technologies to visualize how visitors interact with our Website.
- Like many websites, we use “cookies” to collect visitor information. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser. If you have provided your name or other contact information to us via a web form, we are able to link that information back to the cookie. Using cookies makes it possible for us to recognize your browser when you visit and to tell us whether customers and visitors have visited the Website previously. This information may also be used to provide you with information that we believe to be relevant to you based on your actions on our Website. Please review the “Cookies and Web Beacons” section below to learn more.
- We may also infer or derive information about you from the other information we collect. For example, we may infer your approximate location from your IP address.
- When Customers register to use the Software Services (and related services, such as training and customer support), we require them to provide us with contact information (such as name, company name, phone number, and e-mail address). They may voluntarily decide to communicate additional Personal Information (such as title, department name, fax number, and additional company information, such as mailing address, annual revenues, number of employees, or industry). We will use the email address provided during the registration process to generate a username and temporary password for Customers. Customers will be invited to log in to change their password.
- We collect information about Customers’ use of the Software Services, including in a log file (e.g., when a user logs in and how they use the system).
- With Customers’ consent, we may post Customers’ testimonials, which may include Personal Information such as their name, on the Website about their use of the Software Services.
- Customers’ contact details to send them information about our products or services.
- Personal Information of Vendors’ and Partners’ Employees as provided by Vendors or Partners for purposes of the vendor’s services or in furtherance of the relevant partner relationship.
3. How We May Use Personal Information
We may use the information that we collect about you or that you provide to us, including any Personal Information, in the following ways:
- We use data we collect to provide the Website and Software Services that we offer. This includes operating, maintaining, and providing you with all the content and features of the Website and Software Services.
- To inform you about Apptio and our products, services and partners, including to send, analyze, and improve marketing promotions and campaigns.
- To diagnose and resolve issues with and otherwise improve our Website or Software Services.
- To protect the security of our Website, services, employees and users, detect and prevent fraud, and to resolve disputes.
- To send administrative information to you, for example, information regarding the services and changes to our terms, conditions, and policies of our Website and Software Services.
- To carry out our obligations and enforce our rights arising from any agreements between you and us.
- To understand usage patterns on the Website and Software Services and optimize performance.
- To set up the Software Services for individuals and their organizations.
- To target advertisements to you on third-party platforms and websites.
- To generate de-identified data that we will not attempt to re-identify unless permitted by law.
- In connection with prospective service engagements, partnerships or vendor relationships.
4. How We May Share Personal Information
We may disclose your Personal Information as follows:
- To our affiliates or subsidiaries as necessary to provide our products and services.
- To our vendors, service providers, contractors, and consultants (“Service Providers”) in support of our business. We do not authorize these Service Providers to use or disclose your Personal Information except as necessary to perform certain services on our behalf or comply with legal requirements. We require these Service Providers to safeguard the privacy and security of Personal Information they process on our behalf.
- To other third parties for marketing and advertising purposes.
- To our professional advisors such as lawyers and accountants in connection with obtaining guidance.
- To an acquirer, successor, or assignee in connection with or during negotiations of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- We may disclose your Personal Information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- We may disclose your Personal Information to our private equity sponsor, Vista Equity Partners. See further details below in section 10.
5. Your Rights and Choices
We seek to provide you with choices regarding the Personal Information you provide to us.
- Marketing communications from Apptio. If you do not wish to receive e-mail marketing communication from us, you can opt out by sending an email to email@example.com. You can also unsubscribe from e-mail marketing communications by following the instructions contained in the marketing messages you receive. Even if you opt out or unsubscribe, we can send you certain communications relating to the Service, such as administrative messages that are considered part of your account membership. You cannot opt out of receiving those messages. Where required under applicable law, we will only send you marketing communications with your consent.
- Right of access, deletion, correction of your Personal Information. Subject to applicable law, you may have the rights to request access to and receive information about the Personal Information we maintain about you, update and correct inaccuracies in your Personal Information, and have the information blocked or deleted, as appropriate. These rights may be limited in some circumstances by local law. To exercise these rights, please contact us as set forth below in the “How to Contact Us” section.
- Customer account information. You can update, edit or remove your account information at any time by logging into the Website.
- If you are a California Resident, see Your California Privacy Rights below at section 7.
- If you are in the EU, see the GDPR below at section 6.
6. GDPR
This section applies to individuals in the European Economic Area (“EEA”), the United Kingdom, and Switzerland. Where we process Personal Information as a data controller, we do so in reliance on the following lawful bases:
- To perform our responsibilities under our contract with you (e.g., granting you access to and providing the products and services you requested).
- When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
- To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
- When we have your consent to do so (e.g., to send you marketing communications). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.
- For individuals in the EEA: https://edpb.europa.eu/about-edpb/board/members_en
- For individuals in the UK: https://ico.org.uk/global/contact-us/
- For individuals in Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
- Process personal data based on customer instructions or applicable laws
- Ensure that personnel accessing personal data are subject to confidentiality duties
- Apply technical and administrative measures to protect personal data
- Assist customers in responding to requests from individuals about their personal data
- Assist customers in fulfilling their legal duties including regarding notification of data breach
- Delete personal data at the conclusion of the contracted services except where retention is required or permitted by law
- Provide customers with information required to fulfill regulatory and audit obligations
- Obtain customer consent when engaging a subprocessor to process personal data in connection with the Apptio branded products. If you are a current customer you are invited to review the list of subprocessors available and obtain updates via the mechanism described on that page.
7. Your California Privacy Rights
This section provides additional details about the Personal Information we may collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or “CCPA”.
Additional Disclosures
The categories of information we collect include identifiers, commercial information, internet activity information, professional information, and inferences. The categories of sources from which we collect such information are from you and from third party business partners. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Information We May Collect or Receive (Section 2) above. We collect this information for the following business and commercial purposes (described in more detail in the “How We May Use Personal Information” section of this Policy): providing the Website and Software Services; performing marketing and advertising; conducting analytics and Website/Software Services improvement; and for security/compliance. We share this information with the categories of third parties described in the How We May Share Personal Information (Section 4) above. In particular, we have shared information as follows:
|Category of Personal Information|Categories of Recipients|
|---|---|
|Identifiers|Affiliates; Service Providers; Professional Advisors; Advertising Partners.|
|Commercial Information|Affiliates; Service Providers; Professional Advisors; Advertising Partners.|
|Internet Activity Information|Affiliates; Service Providers; Advertising Partners.|
|Professional Information|Affiliates; Service Providers; Professional Advisors; Advertising Partners.|
|Inferences|Affiliates; Service Providers; Professional Advisors; Advertising Partners.|
Privacy Rights
Subject to certain limitations, the CCPA provides California consumers a number of rights, specifically:
- the right to request to know more details about the categories of Personal Information we collect (including how we use and disclose this information) or access specific pieces of Personal Information we have about them;
- to delete their Personal Information;
- to correct inaccurate Personal Information;
- to opt out of any “sales” or “sharing” that may be occurring through our use of third-party cookies for advertising as described in section 15 below by disabling targeting and social media cookies through the cookie settings portal (you can also opt out by visiting our Website with a legally recognized universal choice signal, such as the Global Privacy Control, enabled, but please note that our processing of the signal may be limited to the specific browser or device you are using); and
- to not be discriminated against for exercising these rights.
8. Data Security
We take reasonable steps given the context of the engagement in which data is provided to protect your Personal Information from loss, misuse, interference, unauthorized access, disclosure, alteration, and destruction. However, the security of information transmitted through the Internet can never be guaranteed and is not entirely within our control. Where you receive a password for access to certain parts of our Website or the Software Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
11. Links to Other Websites
Our website may contain links to websites of third parties who: (1) are not affiliated with us; (2) are outside our control; or (3) are not covered by this Policy (“Third-Party Websites”). Links provided to Third-Party Websites on our Website are provided only as a convenience to you. The inclusion of any link does not imply its reliability or an endorsement by us of the content or security. We are not responsible for the privacy practices of Third-Party Websites, which may collect and use information from you in a manner different than how we do so. Accordingly, the use of such Third-Party Websites is entirely at your own risk. For relevant information, you should review the privacy statements or policies of any Third-Party Websites before using them. Other parties may collect information about your online activities over time and across different websites when you use our Site or Services.
12. Changes to Our Policy
We reserve the right to modify this Policy at any time, so please review it frequently to see when the Policy was last revised. Any changes to this Policy will become effective when we post the revised Policy on our Website or via the Software Services. Your continued use of the Website or Software Services is deemed to be acceptance of such changes, to the extent permitted under applicable law.
13. Children
This Site is not designed to collect Personal Information from children who are under 13 years of age. We do not intend to or knowingly collect such information.
Web Beacons
Web beacons (also known as internet tags, pixel tags, and clear GIFs) are clear electronic images that can recognize certain types of information on your computer, such as the type of browser used to view a website page, when you viewed a particular site linked to the Web beacon, and a description of a site tied to the Web beacon. Certain pages on our Website may contain such Web beacons, which Apptio uses to operate and improve the Website.
How to Control Cookies?
Apptio complies with privacy laws that control cookies for users throughout the world, including the EU & California. Those users can modify their cookie settings when they first visit our website, or by accessing their cookie settings. For all other users, by using this Website, you agree that we can place cookies on your computer or device as explained above. However, you can stop cookies being downloaded to your computer by selecting the appropriate settings on your browser. Most browsers will allow you to see what cookies you have and delete them on an individual basis or block cookies from particular or all websites. Be aware that any preference you have set will be lost if you delete all cookies, including your preference to opt-out from cookies as this itself requires an opt-out cookie to have been set. For more information on how to modify your browser settings to block or filter cookies, see http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. Please bear in mind that removing or blocking cookies can affect your user experience and without cookies, you may not be able to take full advantage of our Website features. We may modify or amend this Cookie information from time to time at our discretion. When we make changes to this notice, we will amend the revision date at the top of this page, and such modified or amended information shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Cookie section to be informed about how we are using cookies.
16. How to Contact Us
If you have questions about this Policy, the Website or the Software Services, would like to opt out from certain services, or to exercise your rights, contact us at:
- Via email at firstname.lastname@example.org;
- Via mail at Apptio, Inc., 11100 NE 8th Street, #600, Bellevue, WA 98004; or
- Via Telephone on the contact number(s) set out on our Website.
Apptio's information security team, legal department, and compliance/internal audit department all work together to ensure that industry security best practices are followed. Apptio's Software-as-a-Service (SaaS) environment follows strict guidelines to protect the confidentiality, integrity, and availability of your data.
Compliance and certifications
We also work with independent auditors and penetration testers to verify that Apptio has the appropriate security controls in place to protect the customer data entrusted to us.
SOC2 Type II and SOC3 reports
SOC (System and Organization Control) reports are independent third-party examination reports that demonstrate how Apptio achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the controls Apptio has put in place to support operations and compliance. Apptio's cloud services have been successfully audited in accordance with AT 101 and the trust principles for design and operational security. To learn more about the AICPA and the SOC standards, see the following link: http://www.aicpa.org/soc4so
To obtain a copy of our SOC3 report, click the link below:
Download Apptio's SOC3 report
Apptio is ISO27001:2013 certified and complies with all associated requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This alignment ensures that Apptio's cloud services have the required and appropriate security controls and management program, as defined in the ISO/IEC 27001 standard.
Apptio is one of a select group of SaaS providers that have received FedRAMP certification under an Authorization to Operate (ATO) from the Joint Authorization Board (JAB). Apptio's FedRAMP environment provides a dedicated, continental US-based (CONUS) infrastructure (facilities, servers, databases, network devices) for federal government agencies that subscribe to our SaaS Technology Business Management solutions.
Cloud Security Alliance: STAR Level 1 certification
Our response to the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) explains how Apptio's cloud services meet the security, privacy, and compliance requirements, as well as the risk management requirements, defined in version 3.0 of the CSA CCM.
General Data Protection Regulation (EU GDPR)
Apptio complies with the EU GDPR compliance requirements. Four years after the revision of European data protection laws began, the final text of the new General Data Protection Regulation (EU GDPR) was approved in spring 2016 and the new rules took effect in May 2018. Apptio respects the rights of EU citizens to control their personal information.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information collected by businesses. Apptio complies with the California Consumer Privacy Act. Apptio provides additional rights to California consumers, which are fully set out in our privacy policy and in the agreements we have entered into with our vendors and customers. Apptio respects the rights of California consumers to control their personal information.
EU-US Privacy Shield
Apptio complies with the EU-US Privacy Shield framework as set forth and certified by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
Apptio follows ITIL principles and practices for the management and support of our SaaS environment. By leveraging process automation and other ITIL best practices, we are well positioned to apply IT service management to cloud services and for our customers.