Aspose Cloud security reports

Hi everyone,
I hope you are all doing well.
I’m writing to request further details regarding the implemented security measures, available documentation, security certifications obtained(SOC2, ISO27001) and/or reports related for aspose.cloud - API product.
We are currently conducting an analysis to evaluate the adoption of the tool within our work environment, and this information is not easily accessible publicly.
These elements are necessary for our evaluation and to ensure the security of our data.

Thank you in advance for your cooperation, and I look forward to your response.

@ppalma

Please check the security practices we are following. However, kindly note that Aspose is a small, privately owned company and has not pursued certifications like SIG/CSA Star, ISO, SOC, or VAPT.

https://about.aspose.cloud/security/

Hi,
thank you for your quick reply.
Beyond the certifications, please do you have further documentation to share regarding:

  • Asset Hardening
  • Incident Management
  • Access Management
  • Data-in-Transit and Data-at-Rest Security
  • Network Protections
  • Periodic Risk Assessments

Security Reports would also be fine.

Thank you again for your cooperation.

@ppalma

Thanks for your inquiry. We are checking the details and will update you accordingly.

@ppalma

Thanks for your patience. Please find below the details.

  • Asset Hardening

All of our infrastructure is protected by a sophisticated firewall with intrusion detection and all but the necessary ports are blocked. All of our systems are updated to the latest security patches regularly, with most being setup for automatic updates.

  • Incident Management

Our infrastructure team is well trained on how to deal with a wide array of possible incidents.

  • Access Management

We cannot share details due to internal privacy controls. However, we can say that access to an asset is based strictly on need. Only those who need access to an asset have access to that asset.

  • Data-in-Transit and Data-at-Rest Security

All Aspose Cloud incoming and outgoing traffic is encrypted. Customer data is not stored within the Aspose Cloud infrastructure unless it is specifically requested by the customer. All files are purged from Aspose Cloud storage after 24 hours.

  • Network Protections

Our network is protected by a sophisticated firewall with intrusion detection and all but the necessary ports are blocked on a per asset basis.

  • Periodic Risk Assessments

We conduct risk assessments biannually.

I hope this helps.