Security Policy
You are here because security matters to you. We know you need to be sure your service providers (like us) take security as seriously as you do. Below you'll find more information on how we ensure the safety of your data in Avisi's monday.com Apps.

ISO 27001 Certification

ISO 27001 is an international standard providing requirements for an information security management system. We use this system to manage sensitive information and evaluate and mitigate security risks. As part of our certification we:
  • Continuously evaluate and improve our security, privacy and compliance processes and controls.
  • Have implemented a suite of information security controls to address security risks.
  • Systematically evaluate our information security risks, impact and vulnerabilities.
  • Have implemented an audit and compliance management process.
Avisi Apps B.V. has received its current ISO 27001:2017 certificate from Certicus in June 2020.

SOC 2 declaration

SOC 2 is an international standard for IT service providers to demonstrate how they manage (customer)data, based on a set of "Trust Services Criteria". These criteria include security, availability, integrity and confidentiality. Based on an assurance statement it is determined whether a organisation complies with SOC 2. Avisi Apps has been in possession of a SOC 2 Type II declaration since 2021.

Audits

Security is our top priority. To make sure our practices are up to standard, we are audited by an independent and certified third-party. We take their reports very seriously and have a process in place to address any issues that present risks to us or our customers

Employees

We make sure that our employees can be trusted with your data:
  • All employees are in possession of a Certificate of Conduct for handling sensitive information.
  • All employees are trained to make security a priority.
  • Production data is only accessible by a select group of employees.
  • Production data access is registered by an audit log.
  • Production data access is controlled by the four-eyes principle.
  • We have 'employee leaving' procedures in place.
  • We only work on computers with full disk encryption and a strict locking policy.

Data Processing Addendum

We highly value privacy and the protection of your personal data. Therefore, we have put forward a Data Processing Addendum, tailored to our products and services. In the Data Processing Addendum, we mutually agree on how we handle and protect personal data on your behalf.

Avisi monday.com Apps

Our monday.com apps don't completely run in monday.com's host products. Part of their functionality is taken care of on our servers. Here is how we make sure that our Apps are secure.
Information below applies to the following apps:
  • GitLab integration
  • Integration for Bitbucket©
  • Tracket

Hosting

Our monday.com apps run on Google Cloud computing services. Google has published a security statement, which you can find here: Google Cloud Security Statement.
We ensure stability, scalability and high availability by addressing the following:
  • Access to our servers is heavily restricted.

Product security

Our products process sensitive information. We make sure that our products are as secure as possible by attending to the following things:
  • TLS 1.2+ encrypted connections to and from our servers.
  • TLS 1.2+ encrypted connections between our servers.
  • HSTS to prevent downgrade attacks and cookie hijacking.
  • MITM-attack prevention.

Backups

We make sure that your data is stored safely by making regular backups of your data.

Questions

If you have any questions regarding our security policy, please contact us here: https://avisi-support.atlassian.net/servicedesk/customer/portals.