AvePoint Renews SOC 2 Type II Certification and Achieves HITRUST CSF as Part of Ongoing Cyber Resilience Strategy

Post Date: 02/23/2024

As part of its comprehensive cyber resilience strategy, AvePoint has once again successfully completed the rigorous SOC 2 Type II audit, renewing our compliance with the gold standard for data security in the cloud for the fourth straight year. This achievement reflects AvePoint’s unwavering commitment to protecting customer data through stringent controls and practices.

In addition, AvePoint has enhanced its compliance posture by attaining HITRUST CSF v11.0.1 certification. This widely recognized healthcare sector framework validates that AvePoint implements the policies, procedures, and controls required as part of our cyber resilience approach to ensure the confidentiality and integrity of sensitive patient health information.

The Significance of SOC 2 Type II Attestation

SOC 2 Type II is an intensive audit conducted by independent reviewers to evaluate an organization’s information security policies, procedures, and operations. It provides assurance to customers that effective controls and practices are in place to protect their data in the cloud.

The SOC 2 review is based on Trust Services Criteria set forth by the American Institute of CPAs (AICPA) and examines security, availability, processing integrity, confidentiality, and privacy.

For Type II, auditors don’t just assess the design of controls, but also verify through detailed testing that they are operating effectively throughout the year. It provides valuable third-party validation that companies practice what they preach when it comes to cloud data security.

AvePoint’s successful completion of the meticulous SOC 2 Type II audit for the fourth consecutive year confirms our steadfast prioritization of customer data protection across solutions for Microsoft 365 backup, migration, management, and governance as a core element of our cyber resilience program.

HITRUST CSF Enhances Healthcare Data Security

While SOC 2 Type II attestation demonstrates AvePoint’s commitment to information security for all industries, our recent achievement of HITRUST CSF v11.0.1 certification highlights our focus on meeting the unique needs of the healthcare sector as part of our overall cyber resilience strategy.

HITRUST CSF v11.0.1 is the latest version of the framework that incorporates new requirements and updates from various authoritative sources, such as NIST SP 800-53 Rev 5, NIST Cybersecurity Framework v1.1, PCI DSS v3.2.1, FedRAMP High Baseline Rev 5, CSA CCM v3.0.1, GDPR, CCPA, and others.

HITRUST CSF v11.0.1 also introduces new features and enhancements, such as a maturity scoring model, risk factor analysis, inheritance program expansion, assessment scoping tool improvements, and more.

By integrating complex compliance demands from healthcare regulations and standards into a single overarching framework, HITRUST CSF streamlines the process for organizations to effectively manage information risk and safeguard sensitive data like electronic health records, medical images, clinical trial data, and other protected health information (PHI).

Achieving HITRUST CSF v11.0.1 certification demonstrates AvePoint’s increasing commitment to implementing the security controls necessary to ensure the confidentiality, integrity, and availability of PHI handled by our SaaS solutions as part of our cyber-resilient approach to cloud data protection.

It’s a rigorous certification process that once again confirms AvePoint’s security controls meet the highest standards required for the healthcare industry.

A Culture of Security from the Inside Out

While independent audits provide external validation, AvePoint’s culture of security starts from within. We integrate information security practices into every level of the company as a core element of our cyber resilience strategy.

Our diligent and ongoing training ensures all employees understand their roles and responsibilities when it comes to data protection. We perform extensive due diligence on vendors and partners to guarantee they meet our high standards.

Regular internal audits and testing maintain tight security controls as both technology and threats continuously evolve. Our dedicated Chief Risk, Privacy and Information Security Officer oversees privacy and compliance strategies across the organization.

Looking Ahead with Confidence

Data security is not a point-in-time project for AvePoint – it’s an enduring commitment and central pillar of our cyber resilience program. We will continue building on our SOC 2 Type II and HITRUST CSF certifications by maintaining rigorous controls, pursuing additional attestations, and upholding our customer-centric approach to information protection.

These independent verifications offer assurance of AvePoint’s stability and security to customers, prospects, and partners worldwide. We encourage you to learn more about our approach to data protection and privacy in the AvePoint Trust Center.

Our culture of security starts from within, but third-party audits validate that our diligence extends to providing industry-leading solutions and services our customers can truly have confidence in as part of our unwavering commitment to cyber resilience.


As Vice President of Content & Communications at AvePoint, Chris is responsible for all external and internal corporate marketing communications. Chris brings more than 15 years of experience to his role at AvePoint, previously holding roles at EisnerAmper, BASF, MetLife and CRM Magazine. Chris received two American Society of Business Publication Editors (ASBPE) awards for feature articles on salesforce.com and generational trends.
