Privacy and Security in the Avature Cloud

Avature first achieved its ISO certification in 2017. This globally recognized, standards-based approach to security outlines Avature’s information security management system (ISMS). Avature is independently audited and assessed against this standard annually, with recertification occurring on a triennial basis.

Avature achieved its ISO 27017 certification in 2021. This globally recognized, standards-based approach to security outlines Avature’s information security management system (ISMS).

Avature first achieved its SOC 1 certification in 2013. The SOC 1, composed of the former SAS 70 and SSAE 18 certifications, covers the technical and financial controls that could potentially impact the financial statements of customers within the context of their service relationship with Avature. The SOC 1 financial control mandates also assist Avature’s customers in meeting their compliance obligations under section 404 of the Sarbanes Oxley Act of 2002. The audit frequency for SOC 1 is annual.

Avature first achieved its SOC 2 certification in 2016. The scope of Avature’s SOC 2 covers the extent to which Avature’s systems and processes comply with the five trust principles of security, availability, processing integrity, confidentiality and privacy. These five principles are further divided into the common criteria domains of control environment, information and communication, risk assessment, monitoring activities, control activities, logical and physical access, system operations, change management and risk management. Like the SOC 1 certification, the audit frequency for this report is annual

Avature is a participant in the EU-U.S., the UK extension to the Data Privacy Framework and the Swiss-U.S. Data Privacy Framework. The Data Privacy Framework program requires organizations to self-certify and publicly commit to complying with Framework principles.

The International Association of Privacy Professionals is the world’s largest and most comprehensive global information privacy community resource. Avature has been a contributing member since 2016.

The Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) Program consolidates current information regarding our control environment into an industry-standard questionnaire known as the Consensus Assessment Security Questionnaire (CAIQ). This document provides Avature customers with an in-depth view of the Avature control environment.

Avature has been an authorized G-Cloud service provider for the UK public sector since July 2018. Our services have been approved for sale and are available through the framework’s Digital Marketplace

Avature self-certifies compliance with Payment Card Industry (PCI) Data Security Standard (DSS) requirement and uses PCI Security Standards Council (SSC) Approved Vulnerability Scanning (AVS) Vendors to periodically test the Avature platform.

Avature complies with the National Institute of Standards and Technology (NIST) 800-171 standard for the protection of Controlled Unclassified Information (CUI) in nonfederal information systems and organizations, as well as the NIST Cybersecurity Framework (CSF).

Avature follows the Open Web Application Security Project (OWASP) standards for secure coding practices and has established internal systems development lifecycle controls (SDLC) to ensure compliance.

Avature has also partnered with the cloud security experts at Veracode. Working with our security and development teams, Veracode provides Avature multiple security analysis technologies and tools aimed at reducing risk across our application landscape. Security assessments include static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.

Avature has satisfied all requirements to become fully registered on the FSQS supplier qualification system, as set out by participating buying organizations. The FSQS Registered Mark is valued by some of the largest purchasers in the financial sector and indicates that Avature has gone through the process required to demonstrate its commitment and credentials to the industry.

Our software company delivers secure solutions for the healthcare industry, fully compliant with HIPAA regulations. We protect sensitive health data with advanced encryption and access controls, ensuring legal compliance and data security.

Our software company is Cyber Essentials Plus certified, providing robust, industry-standard protection against cyber threats. We implement cutting-edge security measures to ensure your data and systems are secure, adhering to the latest cybersecurity protocols.