Data is more Powerful when Protected
See why millions of users trust us to enable secure experiences
SECURITYSecurity is in our DNA
AvePoint understands the importance of security and operational risk management.
We are committed to your security and providing you with relevant metrics that help you make decisions that are proactive rather than reactive. While your automated detection technologies can help you build this program, it truly must be done in combination with policies, education and measurement, that organizations can appropriately balance collaboration and transparency with data protection and privacy.
We seek to earn your trust not only with robust security and privacy practices and policies, but with the way we operate and organize our business. Our Corporate Governance guidelines and code of conduct are available for anyone to review.
Should you have questions about our security programs, please feel free to contact us email@example.com.
PRIVACYYour Privacy is our Priority
AvePoint is committed to the privacy and security of our customer and employee personal information.
AvePoint has a policy of transparency regarding our data collection, use, retention and sharing practices. It is our commitment to implement appropriate technical security measures to protect all AvePoint stakeholder and manage 3rd party risk.
AvePoint uses this foundation and discipline to develop market-leading privacy and security products and deliver world class customer service.
Our Privacy and Security Program dictates a governance structure whereby we:
Engage senior management on data privacy and security issues.
Align policies, procedures, and technical controls to demonstrate our process and our commitment to our customers and users.
Train each of our employees on all privacy and security expectations.
Should you have questions about our privacy programs, please feel free to contact us firstname.lastname@example.org.
ACCESSIBILITYWeb For All
AvePoint is committed to making this website as accessible as possible to persons with varying abilities or personal preferences.
Please note that although many documents and applications on this site are accessible to machine-reading devices, some legacy documents and applications are not. Our efforts to retrofit and/or upgrade non-accessible information are ongoing.
If you are experiencing difficulties accessing information or would like other information on or about this site, please contact us by emailing email@example.com.
Accessibility information for employment opportunities:
We value diverse experiences, backgrounds and perspectives among our employees, and see them as a competitive advantage. For additional information, please visit our AvePoint careers page.
We encourage you to request a reasonable accommodation if you are unable or limited in your ability to use or access the AvePoint careers site.
Accommodation requests can be made by emailing firstname.lastname@example.org.
Our Company Processes, Services, and Software have obtained industry-leading Security, Privacy, and Accessibility certifications
AvePoint has submitted the CSA STAR Self Attestation for AOS to complement our ISO 27001:2013 and ISO 27017:2015 certifications.
Using the Microsoft 365 Badge and associated marketing materials
The Microsoft 365 Certification logo demonstrates that an app has been reviewed for conformance to controls put forth by Microsoft which meticulously evaluate data security and privacy practices. You may use the Microsoft 365 Certification logo at the express written consent of Microsoft upon completion of the Microsoft 365 Certification. If your certification is revoked, or the recertification process is not started within one year from the day the certification was awarded, you must discontinue use of all Microsoft 365 Certification related marketing materials.
This logo can be used on websites, press releases, and other forums where it pertains specifically to the application which has completed the Microsoft 365 Certification process. The logo must be presented in a reasonable size and location within the digital content.
The following statement must accompany the logo: “Apps with the Microsoft 365 Certification logo represents that this app has achieved Microsoft 365 Certification. In addition to app security, this program reviews the practices and procedures the app publisher employs. While customer data is under control of the app publisher, you can rest assured that Microsoft has validated that the app will handle it in a safe and secure manner.”
FedRAMP Authorized Certification
Our cloud services are fully authorized as a FedRAMP Accredited SaaS solution for use across all agencies at the Moderate impact level. We received agency-sponsored authority to operate (ATO) in April 2021.
Our SaaS solutions are currently hosted in the US East Government Azure Data Center, a FedRAMP Accredited, GCC High data center that follows the certifications and accreditations for FedRAMP High as well as the Department of Defense Impact Level 5. The service is not pursuing FedRAMP Authorization, but is managed by an operations team consisting only of US persons
SOC2 Certification for Service Organizations
AvePoint has earned the System and Organization Controls (SOC) 2 Type II certification that covers AvePoint Online Services (AOS), AvePoint Migration Platform (AMP), DocAve, Compliance Guardian, Governance Automation, and Records, that collectively migrate, manage, and protect data across cloud and on-premises collaboration systems.
The SOC 2 Type II audit and attestation, conducted by an independent CPA firm, confirms that AvePoint meets the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA). Our report is issued by independent third-party auditors and covers the principles of Security, Availability, Confidentiality, and Privacy.
ISO 27001:2013 – Information Security
AvePoint has received ISO 27001:2013 certification with respect to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Center. Learn more: Kompleye
ISO 27017:2015 – Cloud Security
AvePoint has received ISO 27017:2015 certification with respect to the AvePoint Cloud Security Operations, including the SaaS services/solutions provided by AvePoint to its customers. Learn more: Kompleye
Information Security Registered Assessors Program (IRAP) Assessment
AvePoint was assessed against official IRAP controls to verify its commitment to, and expertise in, protecting sensitive Australian government data. Sponsored by the Australian Transport Safety Bureau (ATSB), this assessment confirms that AvePoint adheres to the standard of cybersecurity and information security assessments for ICT systems processing or storing government information.
Industry Associations and Memberships
AvePoint participates with globally renowned associations and memberships to stay updated with current trends and proactively respond to security challenges.
Cybersecurity Tech Accord Member
AvePoint is one of more than 100 organizations that have signed the Cybersecurity Tech Accord pledging to help create a safer online world by fostering collaboration among global technology companies committed to protecting their customers and users and helping them defend against malicious threats. Learn more: AvePoint Has Joined the Cybersecurity Tech Accord! | AvePoint Blog
IAPP Corporate Member
Growing cybersecurity threats are questioning the security policies and practices of big to small corporations alike. AvePoint is committed to build a culture that values privacy and security. The partnership with the International Association of Privacy Professionals (IAPP) has helped AvePoint build a competent workforce to proactively address privacy threats regardless of their magnitude.
The IAPP is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. IAPP is the world’s largest and most comprehensive global information privacy community.
Center for Information Policy Leadership
AvePoint has partnered with CIPL (Center for Information Policy Leadership) to continuously build a stronger security stance that helps AvePoint stay secure regardless of the growing security challenges in a dynamic business environment. The Centre for Information Policy Leadership (CIPL) is a global privacy and security think tank based in Washington, DC, Brussels and London. CIPL works with industry leaders, regulatory authorities and policy makers to develop global solutions and best practices for privacy and responsible use of data to enable the modern information age. Learn more: AvePoint Further Aligns with Global Privacy Community through Centre for Information Policy Leadership Membership | AvePoint SG
AvePoint products and solutions ensure security, enable compliance, and prevent data loss
Secure Your Collaboration with AvePoint
Our products can be used to simplify security and compliance management for your organization and have helped organizations, including AvePoint, achieve compliance success! Our solutions, processes, and people follow industry standards and best practices for security and compliance. No matter your objective or priority, we can help.
Assess and validate your systems to understand and inventory data and flows. Implement process and controls to support privacy and security by design to comply with GDPR and other regulations. Track progress over time to provide evidence of compliance.
Manage and protect your information throughout its entire lifecycle to comply with retention, disposition, classification, and other policy guidelines. Easily monitor access controls, enable strong security, spending and best practices protocols all from one place.
Prevent data loss with robust information and platform security solutions. Back your data-centric audit and protection with our world-class backup software.
Security Notices and Alerts
Spring4Shell Vulnerability notification: View
Compliance Guardian Vulnerability 12172021: View
AvePoint/Java Zero-day Vulnerability Notification: View
Kaseya Vulnerability Notification: View
Compliance Guardian Vulnerability 07162021: View
AvePoint/Microsoft Exchange Server Notification: View
AvePoint/SolarWinds Notification: View
AvePoint Security Notice 07172017: View
Read our Security and Privacy Blogs
3 Questions Every Business Should Ask About Microsoft 365 Security
Dana S. - 04/15/2021
With privacy breaches and security threats making the nightly news around the world, it’s becoming increasingly obvious to most enterprise organizations that personal information and the sensitive data that companies hold is an extremely valuable currency.
Why Passwordless Authentication is the Future (and How to Get Started)
Adrian Valencia - 04/08/2021
Having a strong defense against data threats is of the utmost importance for any organization.
SharePoint Permissions: Best Practices for Modern Information Architecture
Joy T. Apple 02/08/2021
Permissions and security in SharePoint have always been a little tricky. This is in part because we find ourselves trying to make security fit into the organic patterns we as humans work in. But security tends to be more rigid.
Take the next step towards collaboration with confidence
Thank you for your submission.