This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud.
The information security policies and procedures used by Appian in the context of Appian Cloud were designed with the assumption that certain controls would be implemented by user organizations. In certain situations, the application of specific controls at user organizations is necessary to achieve the trust services criteria defined by different information security frameworks.
This page highlights those internal control responsibilities that Appian believes should be present for each customer organization and has considered in developing its control policies and procedures. In order for users to rely on the control structure’s policies and procedures used to support their Appian applications, each user must evaluate its own internal control structure to determine if the following procedures are in place.
Each customer is responsible for implementing its own account management procedures for its Appian Cloud environment.
Customers are also responsible for validating their Appian application user accounts.
Customers are responsible for data classification of their data.
Appian Customers are responsible for confidentiality security measures over their customer data.
Appian Cloud data handling, and the associated security parameters for the data, are each customer’s responsibility.
Customers are responsible for notifying Appian of suspicious activities on the system and for taking appropriate actions for any suspicious activities reported to them by Appian.
Each customer is responsible for implementing its own development methodologies for the applications built on Appian software. Customers should follow Appian Best Practices, located on Appian Community.
For customer applications, customers are responsible for managing their own non-production environments to test any customer software applications used on Appian Cloud. Change control of the software between development, test, and production environments is the responsibility of the customer.
Customers are responsible for reviewing and approving changes that may affect system security, availability, and/or confidentiality.
Customers are able to audit the Application Server logs as frequently as necessary and are responsible for notifying Appian of any suspicious activities which they consider may compromise the security of the system.
Configuration and security of Appian applications and integrations built on Appian Cloud is the responsibility of the customer.
Customers are responsible for providing training to users of the application(s) built on Appian Cloud.
Customers are also responsible for controlling who has access to their data and for alerting Appian of any unauthorized access and/or issues/breaches.
Appian Cloud User Control Considerations