Skip to main content

Strength in Security: How Appian s New Certifications Further Protect Data

Marcelo Andrieu, Technical Product Marketing Manager
May 23, 2019

Over 6,500 recorded data breaches in 2018 compromised information belonging to millions of people and cost organizations millions of dollars in fines and lawsuits.

From post-breach customer protection to attorney fees to technical investigations, the costs of a breach certainly add up fast. And "hidden" costs like insurance premium increases, devaluation of trade name, and operational disruption can add up to 90% of the total business impact on a company, according to a recent study by Deloitte Advisory, "Beneath the Surface of a Cyberattack: A Deeper Look at the Business Impacts." The financial effects of a security breach often burden businesses two years after the incident or later.

Clearly, organizations want to do all they can to protect their customers' information and the business' own assets. But with the pressure to compete and innovate, it can be difficult to roll out robust enterprise applications while ensuring there are no gaps in security. Keeping data safe and private is paramount.

That's exactly what Appian's low-code platform was made to help organizations do. It helps you automate processes, unify siloed data, utilize the latest AI, RPA and integration technologies, and provide a seamless, intuitive customer experience all while adhering to the most stringent industry, regional, and global compliance regulations.

To maintain high security standards across industries and geographies, Appian Cloud has customers covered with more certifications than any low-code or BPM platform vendor. What used to be a list of 15 has recently risen with the addition of three certifications to further protect businesses.

Here's an overview of Appian's three new certifications and why they're important for your security.

ISO 27001:2013

An international standard for information security and risk management, ISO/IEC 27001:2013 protects organizations in all industries and sectors across the globe. Equipped with an effective ISO 27001 information security management system (ISMS), businesses can more effectively secure information in any format thanks to a framework of policies and procedures.

The ISO/IEC 27001:2013 guidelines ensure information is accurate and can only be modified by authorized users. This further protects information from getting into the wrong hands, but in the event that a breach does happen, this certification helps organizations mitigate the impact.

By adding ISO 27001:2013 to its list of certifications, Appian Cloud has reached a much higher level of security maturity. This certification process has undergone an assessment to an international standard based on industry best practices, meaning Appian customers reap the benefits of top-down security: increased reliability of systems, improved confidence among all stakeholders, increased business resilience, and many more.


Today's healthcare model is changing. Patients want more convenient, personalized service from their provider, which requires storing troves of personal-private information. It's more crucial than ever to protect this information while staying within the parameters of global and local regulations.

Although HIPAA calls for "reasonable and appropriate" protections, many providers are unsure what exactly is reasonable and appropriate. The result: They implement insufficient measures and skimp on risk assessments.

Developed by healthcare and IT professionals, the Health Information Trust Alliance (HITRUST) exists to more specifically outline the grey area of what's considered "reasonable and appropriate." These prescriptive guidelines serve as a complement to HIPAA, reducing complexity, risk, and cost to help providers more easily comply with HIPAA requirements.

Beyond HIPAA, the HITRUST Common Security Framework includes standards like NIST, ISO, PCI, FTC Red Flag, and COBIT. Appian is proud to claim this certification due to a slew of benefits. High visibility helps customers understand exactly how they are meeting requirements across industry standards. Even more, patients and partners know their data is protected under HITRUST, helping providers earn trust and credibility in today's competitive healthcare landscape.

DISA Level 4

The U.S. Department of Defense (DoD) is constantly updating its Cloud Computing Security Requirements Guide (SRG) often due to the Defense Information Systems Agency's (DISA) authorization of cloud service offerings and how DoD components use them.

Recently, the DoD used FedRAMP as a foundation to define additional requirements in its SRG mainly, how Impact Level 4 and 5 data should be secured. And Appian signed an agreement with Smartronix, an approved Impact Level 4 (IL4) cloud provider.

Therefore, federal agencies requiring low-code applications that meet the stricter security standards of IL4, which includes Controlled Unclassified Information (CUI), can deploy the Appian platform as a Smartronix managed service.

At IL4, an Appian application can be used to manage and store information, including export controls, privacy information including personally identifiable information, and protected health information.

Securing information and ideas

Organizations today are raising the bar for robust, intuitive, innovative applications. But with these bold transformations comes risk. Organizations want to know their systems are impenetrable, and their customers want to rest assured their information is safe.

Appian customers trust us because we undergo frequent and regular third-party audits to validate that controls are operating effectively to protect customer data. And with advanced business activity monitoring, along with other governance capabilities, we keep your applications running smoothly and securely to ensure your business continuity.

Transparency is not just an aspiration for Appian it's an imperative. Qualys SSL Labs provides deep analysis of the security configuration of web servers on the internet, specifically the SSL/TLS configuration, and Appian Cloud's web-tier is rated as an A+.

Appian ensures your peace of mind and business continuity by keeping your critical applications secure, available and compliant with local and global regulations and Appian Cloud makes it easy with a comprehensive security and compliance program.To learn more about Appian's security and certifications, visit our Trust Center.