How does AVORD manage security and your data?
We take great care in managing the AVORD platform and the data contained within it. We understand that security is of utmost importance to our clients and we are leading the way in development of ever more robust approaches to the protection of our systems and your data.
1
Network and system security
At the point you register on the AVORD platform, the transmission of information between your device and our SaaS platform is protected using 256-bit TLS encryption.
At rest, AVORD encrypts all data using AES-256.
the security and quality controls have been certified under multiple compliance schemes to simplify your own compliance obligations.
We regularly install security updates and patches to keep our environment up to date.
2
Service reliability and durability
AVORD utilises industry-leading Amazon Web Services (AWS) hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability.
AVORD maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed.
AVORD implements extensive service monitoring, and our support team is on call 24x7x365.
3
Platform security
Within the AVORD platform, collaborator permissions can be managed at the workspace level or the base level.
AVORD provides mandatory two-factor authentication (2FA) for you. For more details and instructions to configure 2FA, please contact our support team: support@avord.com
As AVORD provides a SaaS solution, a full DDoS mitigation managed services is implemented above the standard service offering from AWS.
4
Organization security
AVORD conducts rigorous vetting on all employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations/laptops are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorised software or using portable media.
AVORD maintains separate production and testing environments.
5
Application security
AVORD runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis.
In addition to internal scans, AVORD commissions external penetration tests on a regular basis.
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by AVORD.
6
Data privacy and portability
AVORD takes all data seriously, your data is no exception. AVORD does not sell or rent any customer information or information provided to the service. For more information, please review our Privacy Policy.
AVORD is fully compliant with the General Data Protection Regulation (“GDPR”). Learn more about AVORD and GDPR.
At any time, if you wish to leave the AVORD platform then please contact: support@avord.com with the subject heading ‘Account removal’ One of our support team will contact you to take you through the next steps
7
How to report an issue
If you believe you’ve discovered a security-related issue, please report the issue to support@avord.com