Security and Compliance come first at Addigy. Addigy manages Apple Devices in every corner of the world, and as such, security is paramount.
Addigy infrastructure has been designed with a cloud-first approach with multiple areas of Microservices.
Addigy Infrastructure Overview
Using only the most trusted Cloud Platforms, Addigy infrastructure is designed and implemented on Amazon Web Services, Google Cloud Platform, and Stripe.
Addigy requires all leveraged Cloud Platform Vendors to be fully compliant with the following industry standards:
- SOC 1 (Type 2), SOC 2 (Type 2), and SOC 3 Compliance
- PCI DSS 3.2 Level 1 ( All card numbers are encrypted on disk with AES-256 and stored with Stripe)
- FIPS 140-2 - for all cryptographic modules and communication
- ISO 9001 - for all infrastructure
- ISO 27001 - Security Management Standards
- ISO 27017 - Cloud Specific Controls
- ISO 27018 - Personal Data Protection
More information about Amazon, Stripe, and Google’s Security and Compliance:
- https://aws.amazon.com/compliance/
- https://aws.amazon.com/security/
- https://aws.amazon.com/compliance/shared-responsibility-model/
- https://cloud.google.com/security/compliance
- https://cloud.google.com/security/
- https://stripe.com/docs/security
Additional Notes:
- All data collected within the Addigy Platform is stored on systems in both the US East and US West Regions
- Addigy performs routine Vulnerability Testing and Penetration Testing to ensure the Addigy Cloud Platform security exceeds expectation
- Addigy has completed both a SOC 2 Type 1 and Type 2, which can be requested at compliance@addigy.com.
- Addigy also has a SOC 3 Report that can be requested as well.
Addigy Agent and Server Overview
The Addigy Agent requires Administrator permissions to install on a macOS Device.
Once the Addigy Agent is installed it runs with Administrator-level permissions (root) to perform the tasks necessary to manage the macOS Device.
The Addigy Agent only asks for instructions from the Addigy Cloud Platform making an outbound connection over port 443 to the Addigy Server.
No inbound ports are required to use the Addigy Agent on a network. For more information about the specific 443 traffic please see the Addigy Port Usage document.
All Agent-based communication with the Addigy Cloud Platform is strictly over Secure Socket Layer (443) Protocol which is encrypted in transit and at rest.
Addigy Agents use certificate pinning over 443 to ensure trust between the Cloud Platform and Agent.
iOS, iPadOS, and tvOS devices do not require an Addigy Agent.
Addigy Agent and Server Diagram
Below is a diagram of how the Addigy Agent communicates with the Addigy Cloud Platform and how authenticated IT Admins access the Cloud Platform.
Please contact security@addigy.com if further information is required.
Reporting Security Issues (Responsible Disclosure Program)
Addigy has a Responsible Disclosure Program available for reporting any security issue discovered: