Security Policy
You are here because security matters to you. We know you need to be sure your service providers (like us) take security as seriously as you do. Below you'll find more information on how we ensure the safety of your data in Avisi's Atlassian Apps.
ISO 27001 and 27701 Certification
ISO 27001 is an international standard providing requirements for an information security management system. We use this system to manage sensitive information and evaluate and mitigate security risks. As part of our certification we:
Continuously evaluate and improve our security, privacy and compliance processes and controls.
Have implemented a suite of information security controls to address security risks.
Systematically evaluate our information security risks, impact and vulnerabilities.
Have implemented an audit and compliance management process.
The ISO 27701 certificate serves as a complement to our ISO 27001 certification and enables us to demonstrate that we have complete control over privacy-related activities. To comply with this standard, we have focused on adhering to privacy protection measures, such as maintaining processing records and entering into data processing agreements with third-party processors.
Avisi Apps B.V. has received its current ISO 27001:2022 and ISO 27701:2019 certificate from Certicus in June 2023.
SOC 2 declaration
SOC 2 is an international standard for IT service providers to demonstrate how they manage (customer)data, based on a set of "Trust Services Criteria". These criteria include security, availability, integrity and confidentiality. Based on an assurance statement it is determined whether an organisation complies with SOC 2. Avisi Apps has been in possession of a SOC 2 Type II declaration since 2021.
Atlassian Cloud Security program
Avisi B.V. is part of the cloud security program with Atlassian. This is a collaboration between vendors and Atlassian to increase security awareness and improve security practices.
You can find more information about this program here.
Audits
Security is our top priority. To make sure our practices are up to standard, we are audited by an independent and certified third-party. We take their reports very seriously and have a process in place to address any issues that present risks to us or our customers.
Employees
We make sure that our employees can be trusted with your data:
All employees are in possession of a Certificate of Conduct for handling sensitive information.
All employees are trained to make security a priority.
Production data is only accessible by a select group of employees.
Production data access is registered by an audit log.
Production data access is controlled by the four-eyes principle.
We have 'employee leaving' procedures in place.
We only work on computers with full disk encryption and a strict locking policy.
Data Processing Addendum
We highly value privacy and the protection of your personal data. Therefore, we have put forward a Data Processing Addendum, tailored to our products and services. In the Data Processing Addendum, we mutually agree on how we handle and protect personal data on your behalf.
Avisi Cloud Apps
Our cloud apps don't completely run in Atlassian's host products. Part of their functionality is taken care of on our servers. Here is how we make sure that our cloud apps are secure:
Manage custom fields for Jira Cloud
Questions
If you have any questions regarding our security policy, please contact us here: https://avisi-support.atlassian.net/servicedesk/customer/portals.
Last updated