Cybersecurity Policy

Purpose

This Cybersecurity Policy outlines the measures Aspen uses to protect the confidentiality, integrity, and availability of its systems and data. Our goal is to safeguard client information, reduce security risks, and respond effectively to potential threats.

Scope

This policy applies to all Aspen systems, applications, infrastructure, employees, contractors, and third-party service providers involved in delivering our services.

Security Practices

Aspen implements technical, administrative, and organizational safeguards designed to protect data from unauthorized access, disclosure, alteration, or destruction. These safeguards include secure cloud infrastructure, encryption of data in transit and, where applicable, at rest, role-based access controls, and authentication measures appropriate to the sensitivity of the data. Access to systems and data is limited to authorized individuals based on job responsibilities and business need.

Software Updates and Vulnerability Management

Aspen maintains its systems through regular software updates and security patching. We monitor vendor releases, apply updates in a timely manner, and leverage automated monitoring and periodic vulnerability assessments to identify and address known security risks.

Incident Response

Aspen maintains an incident response process designed to identify, contain, investigate, and remediate security incidents. In the event of a suspected or confirmed breach, affected systems are secured, the scope and root cause are assessed, and corrective actions are taken to prevent recurrence. Where required, impacted clients and partners are notified in a timely manner in accordance with applicable obligations.

Third-Party Security

Aspen utilizes reputable third-party service providers for infrastructure, analytics, integrations, and payment processing. We seek to work with vendors that maintain appropriate security practices and controls relevant to the services they provide.

Employee Responsibilities

Individuals with access to Aspen systems are expected to follow security best practices, protect credentials, and promptly report suspected security issues. Access is reviewed periodically and adjusted as roles or responsibilities change.

Monitoring and Review

Aspen periodically reviews its security practices and updates controls as needed to address evolving threats, changes in business operations, and industry best practices.

Limitations

While Aspen takes security seriously and implements reasonable safeguards, no system or method of data transmission over the internet can be guaranteed to be completely secure. Users acknowledge and accept the inherent risks associated with electronic data storage and transmission.

Policy Updates

Aspen may update this Cybersecurity Policy from time to time. Any changes will be posted, and continued use of Aspen’s services after updates indicates acceptance of the revised policy.

Contact Us

If you have questions about this policy, email us at support@getaspen.com