Avetta Achieves Four Major ISO Standards & the SOC 2 Type II Certifications


Avetta®, the leading provider of supply chain risk management (SCRM) software, today announced it has received ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019 and SOC 2 Type II certifications for its strict compliance to data security, confidentiality, and integrity standards. For today’s businesses, ISO/IEC 27001:2013 and SOC 2 Type II compliance are recognized as the gold standards for security excellence.

These certifications demonstrate Avetta’s continuing best practices and deep commitment to information security within the organization and for its customers and confirm the ongoing efforts of Avetta to stand out among its competitors in achieving what matters most for its global customers of all sizes.

Following a multi-audit certification process, A-LIGN Compliance and Security, Inc., a third-party auditor and accredited certifying body accredited by the ANSI National Accreditation Board (ANAB) to perform certifications, determined that Avetta operates a Privacy Information Management System (PIMS) that conforms to the requirements of ISO/IEC 27701:2019, and that the implemented controls also extend to additional objectives included in ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019, established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Specifically, these certifications demonstrate Avetta’s excellence in preserving the confidentiality, integrity and availability of information via rigorous risk management procedures, systems and controls. With these certifications, Avetta joins an elite group of organizations that have added to the requirements of ISO/IEC 27001:2013 by also achieving the related ISO/IEC certifications related to its cloud application and processing environment, which ensure its security practices are best-of-breed.

“Our customers rely on Avetta to keep their confidential information secure, and we take that responsibility extremely seriously,” said Mark Johnson, vice president of technology at Avetta. “These certifications are a testament to the work we’ve done to safeguard customer data and to help mitigate data security risks as a top priority for our organization.”

A-LIGN also determined that Avetta meets the required technical controls and formalized IT Security policies and procedures required of SOC 2 Type II and ISO-27001 standards. Avetta has implemented several defense-in-depth security measures and countermeasures that help protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices.

Compliance with this internationally recognized standard confirms that Avetta’s security management program is comprehensive and follows industry best practices. The company’s commitment to information security at this level ensures that the security of data and information has been addressed, implemented and properly controlled in all areas of the organization as the standard requires.