In today’s interconnected world, digital privacy has emerged as a significant concern. The increasing scope, complexity, and cost of cybersecurity threats pose a significant threat to global stability. Governments worldwide are enacting privacy regulations to protect individuals and organizations from these risks. But how can businesses keep up with these evolving requirements while ensuring their own security?
We are excited to share that AvePoint has achieved ISO 27701:2019 certification, marking a significant milestone in our commitment to data protection. This is the second consecutive year that our auditors have recommended us for certification against ISO 27001:2013 and 27017:2015, with zero non-conformities. As organizations worldwide intensify their scrutiny of vendors managing and accessing their personally identifiable information (PII) and sensitive data, this achievement highlights AvePoint’s dedication to meeting their trust and security expectations.
The Story Behind ISO 27701 and Its Significance
As global businesses operate in different jurisdictions, complying with diverse privacy regulations becomes a complex challenge. In 2019, ISO introduced ISO 27701 — a standard designed to help organizations meet global privacy requirements irrespective of the countries they operate in. ISO 27701 complements ISO 27001 by specifying the necessary additional requirements for privacy protection. This standard provides a comprehensive framework for establishing, implementing, maintaining, and continually improving a privacy-focused management system for personal data.
AvePoint’s Role as a Controller and Processor of Data
At AvePoint, as an international organization with 25 global offices, we provide services on a global scale. While our customers and partners retain their data in regional data centers, our employees may access customer information on a need-to-know basis to support various functions, including sales, billing, technical assistance, fraud prevention, and more. This evolution in our role signifies that AvePoint is not merely a data processor but also a controller of personal information.
AvePoint collects personal information from different entities:
Employees: We collect personal information for recruitment, evaluation, hiring, training, and employee management purposes during their tenure.
Suppliers/Partners: Personal information is collected to select, evaluate, integrate, and ensure secure configuration and exit.
Customers: Personal information is collected throughout the customer lifecycle, encompassing marketing, sales, contractual review, customer success, monitoring, and communication with stakeholders.
Personal Data Principals: This category includes customers, supervisory authorities, other controllers and processors, sub-contractors, and sub-processors involved in the processing of personally identifiable information (PII).
AvePoint acts as a processor for the following types of data:
Customer Data: This comprises all data, objects, and containers residing in the customer’s environments, including backup data, migration services, and other relevant cases.
Support and Consulting Data: This includes various data formats (text, sound, video, image files, software) provided by customers for professional services or support engagements.
Empowering Privacy Compliance with ISO 27701
AvePoint’s achievement of ISO 27701 certification showcases our dedication to protecting personal data and complying with privacy regulations. This certification solidifies AvePoint’s position as a trusted partner for organizations seeking robust privacy information management systems. By adopting ISO standards, we empower businesses to navigate privacy requirements across jurisdictions effectively, ensuring the security of sensitive information and fostering trust in the digital realm.
As digital privacy concerns continue to escalate, AvePoint’s ISO 27701 certification demonstrates our unwavering commitment to safeguarding personal data and adhering to privacy regulations. We remain steadfast in our mission to provide organizations with comprehensive privacy information management solutions. To learn more about our commitment to privacy and data protection, please visit the AvePoint Trust Center.
Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities.
Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en
Twitter: http://www.twitter.com/danalouise