Security Policy
You are here because security matters to you. We know you need to be sure your service providers (like us) take security as seriously as you do. Below you'll find more information on how we ensure the safety of your data in Avisi's monday.com Apps.
ISO 27001 and 27701 Certification
ISO 27001 is an international standard providing requirements for an information security management system. We use this system to manage sensitive information and evaluate and mitigate security risks. As part of our certification we:
Continuously evaluate and improve our security, privacy and compliance processes and controls.
Have implemented a suite of information security controls to address security risks.
Systematically evaluate our information security risks, impact and vulnerabilities.
Have implemented an audit and compliance management process.
The ISO 27701 certificate serves as a complement to our ISO 27001 certification and enables us to demonstrate that we have complete control over privacy-related activities. To comply with this standard, we have focused on adhering to privacy protection measures, such as maintaining processing records and entering into data processing agreements with third-party processors.
Avisi Apps B.V. has received its current ISO 27001:2022 and ISO 27701:2019 certificate from Certicus in June 2023.
SOC 2 declaration
SOC 2 is an international standard for IT service providers to demonstrate how they manage (customer)data, based on a set of "Trust Services Criteria". These criteria include security, availability, integrity and confidentiality. Based on an assurance statement it is determined whether a organisation complies with SOC 2. Avisi Apps has been in possession of a SOC 2 Type II declaration since 2021.
Audits
Security is our top priority. To make sure our practices are up to standard, we are audited by an independent and certified third-party. We take their reports very seriously and have a process in place to address any issues that present risks to us or our customers
Employees
We make sure that our employees can be trusted with your data:
All employees are in possession of a Certificate of Conduct for handling sensitive information.
All employees are trained to make security a priority.
Production data is only accessible by a select group of employees.
Production data access is registered by an audit log.
Production data access is controlled by the four-eyes principle.
We have 'employee leaving' procedures in place.
We only work on computers with full disk encryption and a strict locking policy.
Data Processing Addendum
We highly value privacy and the protection of your personal data. Therefore, we have put forward a Data Processing Addendum, tailored to our products and services. In the Data Processing Addendum, we mutually agree on how we handle and protect personal data on your behalf.
Avisi monday.com Apps
Our monday.com apps don't completely run in monday.com's host products. Part of their functionality is taken care of on our servers. Here is how we make sure that our Apps are secure.
Information below applies to the following apps:
GitLab integration
Integration for Bitbucket©
Tracket
Hosting
Our monday.com apps run on Google Cloud computing services. Google has published a security statement, which you can find here: Google Cloud Security Statement.
We ensure stability, scalability and high availability by addressing the following:
Access to our servers is heavily restricted.
Product security
Our products process sensitive information. We make sure that our products are as secure as possible by attending to the following things:
TLS 1.2+ encrypted connections to and from our servers.
TLS 1.2+ encrypted connections between our servers.
HSTS to prevent downgrade attacks and cookie hijacking.
MITM-attack prevention.
Backups
We make sure that your data is stored safely by making regular backups of your data.
Questions
If you have any questions regarding our security policy, please contact us here: https://avisi-support.atlassian.net/servicedesk/customer/portals.
Last updated