Seeing as October is National Cybersecurity Awareness month, there’s never been a better time for us to share that AvePoint has continued to prove our commitment to security and privacy with the successful demonstration of conformance to the International Organizations for Standardization’s (ISO) information security management system (ISMS) audit using the 27001:2013 framework!
ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry from technology to food safety to aviation to healthcare.
Our ISO certification for AvePoint Inc covers the management, operation, and maintenance of the people and information assets, information systems, and the associated processes that enable corporate operations. It also covers the development and deployment of products and services provided to customers and employees of AvePoint Inc.
AvePoint builds on the foundation and discipline necessary to develop and support some of the leading privacy and security products in the world. As part of our Privacy and Security Program, we’ve implemented a governance structure through which we engage senior management on data privacy and security issues, align policies, procedures, and technical controls to demonstrate our process and commitment to our customers and users, and train each of our employees on all privacy and security expectations.
We believe that security must be everyone’s job. If you treat it as an afterthought or leave it to the people in IT (or even to your CISO) then you’ve already failed. No matter how great the security team is that your organization employees, history has shown us that the adversaries are too much and too many. While we as security practitioners need to get our defenses right every time, hackers only need to be right once. So, with that being said, make security the job of every one of your employees and you’ll have an army to protect your data.
What does that mean practically and operationally? Clearly not everyone in your company is going to be a data protection or security expert, nor is that necessary. The reality is that all of your employees should understand that no one will care about the privacy of their data more than they do–and no one should work harder to protect it than they should.
This is true not only for their own personal information, but also for the data (customer information, corporate secrets, etc.) that they use every day as part of their job. Security is everyone’s job and should be as fundamental a part of your employment agreement as anything else that you do.
In reality, we improve what we measure and we protect what we treasure. ISO certification represents a continuing commitment to continually improve our information security and privacy programs to remain certified! This is a great opportunity for AvePoint to say what we do, do what we say, and prove it!