Our established operational requirements support the achievement of security commitments, aligned with laws and regulations and other relevant system requirements. Avetta’s system policies and procedures, system design documentation, and contracts with clients are all driven by these security-focused requirements, showcasing our organization-wide approach to how systems and data are protected. This includes policies around how the service is designed and developed, how the system is operated, how the internal business systems and networks are managed, and how employees are hired and trained.
Technology
Built on industry-leading infrastructure from Amazon Web Services (AWS) and embracing additional layers of security, Avetta has documented compliance demonstrating our commitment to security. As such, Avetta has implemented or performs the following on a regular basis:
Avetta is ISO 27001 certified and has received third-party accreditation from the International Standards Organization.
Penetration Testing, Vulnerability and Patch Management, Logging, and Security Information & Event Management (SIEM) are all leveraged to test and maintain the security of Avetta solutions.
TLS 1.2/1.3 and AES-256 encryption technologies are used to drive secure user connections to our platform and protect data while in transit and at rest.
Data centers are redundant and geographically dispersed with automated failover and backup processes to ensure data availability to our clients.
Avetta is Payment Card Industry Data Security Standard (PCI-DSS) compliant to help secure and protect our entire payment card processes.
Avetta utilizes AWS, a platform constantly innovating to meet the requirements of an extensive list of global security standards, including ISO 27001, SOC, the PCI Data Security Standard, etc.

Process
Avetta has established many documented plans, policies, and procedures to ensure security is appropriately implemented throughout the organization. For example, the following documents or processes have been created and are reviewed regularly:
With customers across the globe, Avetta actively monitors and complies with applicable global regulatory requirements, which provides customer data the level of protection required.
Overarching policy that supports the governance and implementation of the Avetta security approach.
Avetta follows the Open Web Application Security Project (OWASP) standards in our development. We use tools to detect compliance with the OWASP Top-10 to ensure protection against the most critical web application security risks.
Mitigation and business recovery strategies to drive ongoing operations of Avetta SaaS product and service offerings.
Guides the team in the event of an incident (whether actual or suspected), ensuring appropriate incident identification, response and notification processes are followed.
Avetta employs a highly disciplined release process that involves extensive testing, review, and documentation to evaluate the potential security effect of system changes & acquisitions.
People
Avetta actively employs highly skilled leaders and subject matter experts who oversee and manage the overall security posture of Avetta.
addresses any security incidents.
maintaining a secure work environment and creates awareness of potential threats.
standards of security throughout the organization. Given the continuous, evolving nature of security, Avetta remains available to our clients to share additional detail about our security approach (non-disclosure agreement must be in place).