AvePoint Achieves an ISO 27017:2015 Certification & ISO 27001:2013 Re-Certification

Post Date: 06/28/2021
feature image

As AvePoint continues to help our customers succeed in securing their digital collaboration work around the world, we are pleased to share that we have continued to prove our commitment to security and privacy with the successful re-certification and demonstration of conformance to the International Organizations for Standardization’s (ISO) information security management system (ISMS) audit using the 27001:2013 framework!

ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited with publishing more than 2,100 international standards covering almost every industry from technology to food safety to aviation to healthcare.

Our ISO re-certification against 27001:2013 covers company-wide processes across AvePoint including the management, operation, and maintenance of the people and information assets, information systems, and the associated processes that enable corporate operations. It also covers the development and deployment of products and services provided to customers and employees of AvePoint, Inc.

In the current ISO certification cycle, AvePoint has raised the bar even higher to not only certify our company-wide processes against 27001:2013, but also to certify against ISO 27017:2015 with respect to the AvePoint Cloud Security Operations, including the SaaS services/solutions provided by AvePoint to its customers. Both of these certifications will last until 2024. The ISO 27017:2015 certification for our cloud solutions, along with our SOC 2 Type II certification that covers AvePoint’s full (Hybrid and Cloud) product offering, demonstrates our strong foundation and discipline necessary to develop and support some of the leading privacy and security products in the world.

GET OUR NEWSLETTER: Subscribe here for weekly content from AvePoint

As part of our Privacy and Security Program, we’ve implemented a governance structure through which we engage senior management on data privacy and security issues, align policies, procedures, and technical controls to demonstrate our process and commitment to our customers and users, and train each of our employees on all privacy and security expectations.


We also utilize a wide catalog of products that help us say what we do, do what we say, and prove it! These products allow us to understand how data is created and collected by our company, used, shared and stored, and ultimately end-of-lifed. We use products from not only Microsoft, but also AvePoint to identify, tag, and protect data, create and manage secure containers, and review and limit permissions (including our own Cloud Governance, Compliance Guardian, Perimeter, and PI).

This robust program combines people, processes, and technology to create a trustworthy platform for AvePoint’s employees, customers, partners, and investors. This information and more are available to share externally via our newly-designed “Trust Center.” This is a customer-facing resource center that provides information about our privacy, security, and accessibility programs along with our certifications.

In reality, we improve what we measure and we protect what we treasure. Our wide array of certifications provide independent validation of our ability to offer the highest levels of protection for sensitive data. Security and compliance–and the ability to adapt to evolving risks and requirements–are disciplines that must be practiced each day to ensure data protection, integrity, availability, and reliability. ISO certification represents a commitment to continually improve our information security and privacy programs. This is a great opportunity for AvePoint to say what we do, do what we say, and prove it!

Stay up with the latest AvePoint news by subscribing to our blog.


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise

View all post by Dana S.
Share this blog

Subscribe to our blog