Microsoft 365 Compliance Badge

AvePoint has officially obtained the Microsoft 365 Compliance Badge. Microsoft 365 Certification offers assurance in meeting data and privacy standards when a third-party Office app or add-in is installed in a Microsoft 365 ecosystem. The badge ensures that that an app solution is compliant against criteria described in the Microsoft 365 Certification Submission Guide. The Microsoft 365 Certification logo also means that an app has been reviewed for conformance to controls put forth by Microsoft in its security standards. Learn more: What is Microsoft 365 Certification? - Microsoft 365 App Certification | Microsoft Docs

FedRAMP Authorized Certification

Our cloud services are fully authorized as a FedRAMP Accredited SaaS solution for use across all agencies at the Moderate impact level. We received agency-sponsored authority to operate (ATO) in April 2021.

Our SaaS solutions are currently hosted in the US East Government Azure Data Center, a FedRAMP Accredited, GCC High data center that follows the certifications and accreditations for FedRAMP High as well as the Department of Defense Impact Level 5. The service is not pursuing FedRAMP Authorization, but is managed by an operations team consisting only of US persons

SOC2 Certification for Service Organizations

AvePoint has earned the System and Organization Controls (SOC) 2 Type II certification that covers AvePoint Online Services (AOS), AvePoint Migration Platform (AMP), DocAve, Compliance Guardian, Governance Automation, and Records, that collectively migrate, manage, and protect data across cloud and on-premises collaboration systems.

The SOC 2 Type II audit and attestation, conducted by an independent CPA firm, confirms that AvePoint meets the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA). Our report is issued by independent third-party auditors and covers the principles of Security, Availability, Confidentiality, and Privacy.

ISO 27001:2013 – Information Security

AvePoint has received ISO 27001:2013 certification with respect to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Center. Learn more: ControlCase

ISO 27017:2015 – Cloud Security

AvePoint has received ISO 27017:2015 certification with respect to the AvePoint Cloud Security Operations, including the SaaS services/solutions provided by AvePoint to its customers. Learn more: ControlCase

Information Security Registered Assessors Program (IRAP) Assessment

AvePoint was assessed against official IRAP controls to verify its commitment to, and expertise in, protecting sensitive Australian government data. Sponsored by the Australian Transport Safety Bureau (ATSB), this assessment confirms that AvePoint adheres to the standard of cybersecurity and information security assessments for ICT systems processing or storing government information.