Platform

Products

Solutions

Resources

Company

Platform

Products

Solutions

Resources

Company

Compliance

Compliance

Aviso is committed to the highest levels of enterprise-grade security, industry specific regulatory compliance, data privacy and protection, and certification requirements

Aviso is committed to the highest levels of enterprise-grade security, industry specific regulatory compliance, data privacy and protection, and certification requirements

Aviso’s Commitment to GDPR

We have completed the internal self-assessment and compliance review as applicable to the GDPR regulation and implemented new controls around data privacy and protection.

We remain committed to protecting personal data in compliance with the highest standards of privacy and security.

What is GDPR?

General Data Protection Regulation – better known as GDPR, is a new privacy regulation in the EU that went into effect on May 25, 2018. GDPR standardizes data protection law across all EU countries and imposes new rules on controlling and processing Personally Identifiable Information (PII).

Who is affected?

The GDPR is a significant change in the data privacy landscape in the EU and clearly allocates the responsibility between the data controller (Aviso’s customers and partners) and the data processor (Aviso, Inc.) with respect to the processing of personal data. Under the GDPR, both the data controller and data processor have additional duties and obligations to protect personal data, and both face liability for any failures to comply with the GDPR requirements.

GDPR Principles and Aviso

Lawfulness, Fairness and Transparency

Aviso processes data as needed for our customers for the purposes explicitly laid out in our customer engagements.
Our privacy policy describes the data that we capture and how such information is used

Purpose Limitations

We will only collect data for the purposes of sales, analytics and optimization in accordance with our privacy policy. We will not use personal data for any other purpose

Data Minimization

We will only collect the adequate, relevant and limited amount of data required to perform our service

Accuracy

Aviso supports the data subject’s right to rectification, allowing them to ensure Aviso data is accurate either through a direct request to Aviso or to our customers

Storage Limitations

All the data subject’s data will be deleted within reasonable time after the termination of a customer engagement, as defined in the customer contract

Integrity and Confidentiality

Aviso has strong measures in place to ensure that our data is secure and protected by employing frequent security scans, penetration tests, and leveraging industry standard technologies to ensure that our data is safe.All personal data will be encrypted at rest and in transit.

SOC 2: Security, Availability & Confidentiality

Aviso has successfully completed our annual SOC 2 security audit. Aviso System and Organization Controls (SOC 2 Type II) Report provides our customers and users, an independent Service Auditor’s assessment of controls at Aviso that meet the AICPA Trust services Security, Availability, and Confidentiality Principles and Criteria.

Scope

This report is based on an independent auditors examination of Aviso, Inc’s sales vision platform based on the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2), and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security, availability, and confidentiality principles set forth in AICPA TSP Section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable trust services criteria).

Control Environment

Aviso is committed to establishing and monitoring an effective control environment and managing business risks to the company and the customer data managed by Aviso. Aviso’s management takes its organizational structure and responsibilities seriously and takes an active role in the governance of Company controls.

Management believes that a robust control environment is needed at all Company levels and maintains accountability for implementing daily operations, and communicating and monitoring the internal control structure, including relevant standards, policies, and procedures. Aviso requires all personnel to exercise integrity as a standard of performance and to provide high quality service and support to customers.

Security and Monitoring

Aviso has established and maintains a formal, documented company-wide Information Security Management Program that provides management direction and support for implementing information security within the Aviso environment. The objective of the program is to maintain the confidentiality, integrity, and availability of data and assets while complying with applicable legislative, regulatory, and contractual requirements.