AvePoint Earns Third Consecutive SOC 2 Type II Certification

Post Date: 02/17/2023
feature image

Information security is top of mind for most business leaders today. The looming threat of data breaches and cyberattacks and ever-growing regulatory demands have many wondering how secure their cloud data truly is. 

Worried your data may be vulnerable? Watch the webinar to see if you’re at risk: How to Identify Your Risk of a Data Breach in M365

As a data management and protection vendor, AvePoint wants you to feel confident your data is protected when you partner with us for your cloud solutions. That’s why, for the last 3 years, we have undergone a System and Organization Controls (SOC) 2 Type II audit, the most stringent, industry-accepted auditing standard for service companies that store customer data in the cloud. 

I am pleased to share that AvePoint has earned our third consecutive SOC 2 Type II certification, confirming our long-standing commitment to cloud security, and affirming your data is safe with us.  

What is SOC 2 Type II Audit and Attestation 

SOC 2 Type II is a rigorous, evidence-based audit that confirms a company’s practices meet the strict information security and privacy standards established by the American Institute of Certified Public Accountants (AICPA). It reviews five trusted service criteria: security, availability, processing integrity, confidentiality, and privacy. 

The audit is conducted by an independent firm that reviews all aspects of your security and privacy operations from software and infrastructure to communications and monitoring to confirm high-level and reliable data security measures when handling highly sensitive customer information. 

AvePoint passed our audit with “no expectations,” which means that in the full year of observing the fine details of our operations, the auditors found no issues, and every control that was tested met and exceeded expectations. I am particularly proud of this achievement because it confirms that even in today’s ever-evolving risk and regulatory landscape, our controls never waver.  

SOC 2 Type II Gives Businesses Peace of Mind 

Gartner predicts by 2025 that 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Certifications like SOC 2 Type II can help businesses verify if a third party has security controls and practices in place to ensure the highest levels of protection for clients’ sensitive data. 

Dive into the growing significance of data privacy: Data Privacy Day 2023: How Significant Change Can Disrupt Work and Life Significantly

That’s because SOC 2 Type II sets the standards for today’s security excellence. When completing their review, the auditors ensure vendors practice high-level and reliable data security measures across the organization and verify the integrity, availability, and confidentiality of the data management processes and procedures. 

By earning a SOC 2 Type II attestation, AvePoint received confirmation from an independent reviewer that not only do we have the necessary security measures in place but that they are robust and sound. Users of all of AvePoint’s solutions that collectively migrate, manage, and protect data across cloud and on-premises collaboration systems can rest assured that we have security controls and practices in place to ensure the safety of their data.  

AvePoint’s Commitment to Cloud Security 

AvePoint has a long-standing commitment to cloud security. As a leading data management and protection vendor, we have spent years developing products that help our customers better optimize and secure their data.  We also practice what we preach, following security best practices and integrating security and privacy into the culture of the entire company, from HR and Legal to IT and Marketing.   

I’m thrilled to have yet again achieved this security standard, as well as our other security certifications like ISO 27001, FedRAMP, CSA STAR, and IRAP, but this is more than a stamp of approval to us. It’s the way we do things, and the way we’ll continue to do things, as part of our ongoing commitment to creating and maintaining a secure operating environment for our clients’ confidential information. 

To learn more about AvePoint’s policies and certifications around security, privacy, and accessibility, please visit the AvePoint Trust Center:  https://www.avepoint.com/company/trust-center. 

Stay up to date on the latest articles about what’s new in technology, SaaS Management & Governance, SaaS Backup, and Data Management. Subscribe to our blog now.


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

View all posts by Dana S.

Subscribe to our blog