As AvePoint continues to help our customers succeed in securing their digital collaboration work around the world, we are pleased to share that we have continued to prove our commitment to security and privacy with the successful re-certification and demonstration of conformance to the International Organizations for Standardization’s (ISO) information security management system (ISMS) audit using the 27001:2013 framework!
ISO is an independent, non-governmental international organization with a membership of 161 national standard bodies. ISO is credited with publishing more than 2,100 international standards covering almost every industry from technology to food safety to aviation to healthcare.
Our ISO re-certification against 27001:2013 covers company-wide processes across AvePoint including the management, operation, and maintenance of the people and information assets, information systems, and the associated processes that enable corporate operations. It also covers the development and deployment of products and services provided to customers and employees of AvePoint, Inc.
In the current ISO certification cycle, AvePoint has raised the bar even higher to not only certify our company-wide processes against 27001:2013, but also to certify against ISO 27017:2015 with respect to the AvePoint Cloud Security Operations, including the SaaS services/solutions provided by AvePoint to its customers. Both of these certifications will last until 2024. The ISO 27017:2015 certification for our cloud solutions, along with our SOC 2 Type II certification that covers AvePoint’s full (Hybrid and Cloud) product offering, demonstrates our strong foundation and discipline necessary to develop and support some of the leading privacy and security products in the world.
As part of our Privacy and Security Program, we’ve implemented a governance structure through which we engage senior management on data privacy and security issues, align policies, procedures, and technical controls to demonstrate our process and commitment to our customers and users, and train each of our employees on all privacy and security expectations.
We also utilize a wide catalog of products that help us say what we do, do what we say, and prove it! These products allow us to understand how data is created and collected by our company, used, shared and stored, and ultimately end-of-lifed. We use products from not only Microsoft, but also AvePoint to identify, tag, and protect data, create and manage secure containers, and review and limit permissions (including our own Cloud Governance, Compliance Guardian, Perimeter, and PI).
This robust program combines people, processes, and technology to create a trustworthy platform for AvePoint’s employees, customers, partners, and investors. This information and more are available to share externally via our newly-designed “Trust Center.” This is a customer-facing resource center that provides information about our privacy, security, and accessibility programs along with our certifications.
In reality, we improve what we measure and we protect what we treasure. Our wide array of certifications provide independent validation of our ability to offer the highest levels of protection for sensitive data. Security and compliance–and the ability to adapt to evolving risks and requirements–are disciplines that must be practiced each day to ensure data protection, integrity, availability, and reliability. ISO certification represents a commitment to continually improve our information security and privacy programs. This is a great opportunity for AvePoint to say what we do, do what we say, and prove it!