How AvePoint Achieved ISO 27001 Recertification in 2019

avepoint

Seeing as October is National Cybersecurity Awareness month, there’s never been a better time for us to share that AvePoint has continued to prove our commitment to security and privacy with the successful demonstration of conformance to the International Organizations for Standardization’s (ISO) information security management system (ISMS) audit using the 27001:2013 framework!

ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited for publishing more than 2100 international standards, covering almost every industry from technology to food safety to aviation to healthcare.

Our ISO certification for AvePoint Inc covers the management, operation, and maintenance of the people and information assets, information systems, and the associated processes that enable corporate operations. It also covers the development and deployment of products and services provided to customers and employees of AvePoint Inc.

AvePoint builds on the foundation and discipline necessary to develop and support some of the leading privacy and security products in the world.  As part of our Privacy and Security Program, we’ve implemented a governance structure through which we engage senior management on data privacy and security issues, align policies, procedures, and technical controls to demonstrate our process and commitment to our customers and users, and train each of our employees on all privacy and security expectations.

We believe that security must be everyone’s job. If you treat it as an afterthought or leave it to the people in IT (or even to your CISO) then you’ve already failed. No matter how great the security team is that your organization employees, history has shown us that the adversaries are too much and too many. While we as security practitioners need to get our defenses right every time, hackers only need to be right once. So, with that being said, make security the job of every one of your employees and you’ll have an army to protect your data.

rto vs rpo

What does that mean practically and operationally? Clearly not everyone in your company is going to be a data protection or security expert, nor is that necessary. The reality is that all of your employees should understand that no one will care about the privacy of their data more than they do–and no one should work harder to protect it than they should.

This is true not only for their own personal information, but also for the data (customer information, corporate secrets, etc.) that they use every day as part of their job. Security is everyone’s job and should be as fundamental a part of your employment agreement as anything else that you do.

In reality, we improve what we measure and we protect what we treasure. ISO certification represents a continuing commitment to continually improve our information security and privacy programs to remain certified! This is a great opportunity for AvePoint to say what we do, do what we say, and prove it!


Looking for more data protection coverage? Be sure to subscribe to our blog!

Previous articleTop 5 Must-Use Apps in Microsoft Teams
Next articleHow to Overcome 4 Common Provisioning Challenges in Office 365
Dana S.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

LEAVE A REPLY

Please enter your comment!
Please enter your name here