Our Commitment to Cloud Security
AvePoint is pleased to announce that we have earned the System and Organization Controls (SOC) 2 Type II certification that covers AvePoint Online Services (AOS), AvePoint Migration Platform (AMP), DocAve, Compliance Guardian, Governance Automation, and Records, that collectively migrate, manage, and protect data across cloud and on-premises collaboration systems.
AvePoint’s critical data management solutions enable organizations to make their digital collaboration systems more productive, secure, and compliant. The impact of COVID-19 and the growth of Microsoft’s cloud solutions, including Microsoft 365 and Microsoft Teams, have accelerated demand for AvePoint’s products.
The SOC 2 Type II audit and attestation, conducted by an independent CPA firm, confirms that AvePoint meets the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA). Our report is issued by independent third-party auditors and covers the principles of Security, Availability, Confidentiality, and Privacy.
The SOC 2® Type 2 report is intended to provide an understanding of the service organization’s suitability of the design and operating effectiveness of its internal controls. The successful completion of this audit illustrates our ongoing commitment to creating and maintaining a secure operating environment for our clients’ confidential data. AvePoint is continuously improving our program and controls, and we choose not to solely rely on the security and privacy credentials of our service providers.
We are also in fact consumers of our own technology! AvePoint met not only SOC 2, but also ISO 27001:2013 requirements using our own Compliance Guardian and AOS solutions. We’ve been able to do things like:
- Automatically apply data classification to data at rest and any newly created document based on sensitivity, document/information type, and retention period
- Identify non-conformities in the Incident Management Center
- Automate third-party vendor risk assessments
- Automate Risk Management
AvePoint has a long-standing commitment to privacy and security. Achieving both the SOC 2 attestation and ISO 27001 certifications provides independent validation of our ability to provide the highest levels of protection for sensitive data. Security and compliance, and the ability to adapt to evolving risks and requirements, are disciplines that must be practiced each day to ensure data protection, integrity, availability, and reliability.