Avatier Security, Privacy & Compliance

A Message from Our CISO

In the dynamic tech landscape, security is foundational – it’s about enabling our customers to thrive securely. As Avatier’s CISO, I believe security must accelerate your business, not impede it.

Our approach is proactive, leveraging cutting-edge solutions to ensure the confidentiality, integrity, and availability of your critical assets. We’re constantly evolving our defenses, from advanced threat detection to robust identity and access management.

Compliance and certification are core to our commitment. We rigorously adhere to leading frameworks like ISO 27001, NIST 800-53, SOC 2, and the Cloud Security Alliance. These aren’t just checkboxes; they’re living principles driving continuous independent evaluations and internal assessments, ensuring our security posture remains ahead of the curve.

At Avatier, security, privacy, and compliance are woven into our culture. I invite you to explore how our comprehensive framework can empower your organization to innovate with confidence. We’re also continuously expanding our global compliance efforts. For any questions, please contact our team. Your interest in Avatier’s program is highly valued.

 

All the best,

Dr. Sam Wertheim

Chief Information Security Officer

Certifications & Affiliations

Avatier complies with a number of industry-standard frameworks. These include:

SOC 2 Type I - Type II

Avatier is in the final stages of SOC 2 certification.

CSA STAR

As a member of the Cloud Security Alliance, Avatier collaborates with other cloud technology companies to promote best practices for identity management and governance.

ISO 27001:2013

Avatier has achieved ISO 27001:2013 Certification, attesting to the commitment of Avatier's leadership to a secure service for our customers.

Compliance Requirements

Helping you meet the demands of regulatory compliance

GDPR

General Data Protection Regulation (GDPR): Avatier Identity Anywhere provides a secure baseline for GDPR compliance and helps to reduce risk across your enterprise.

NIS2

Enhances cybersecurity across the EU by ensuring digital service providers implement strong security measures, report significant incidents, and hold top management accountable.

DORA

Focuses on the digital operational resilience of the financial sector, requiring robust IT system protection, incident response plans, regular testing, and monitoring of third-party providers.

FedRAMP

Avatier has an official authorized status with the Federal Risk and Authorization Management Program (FedRAMP) Moderate authority to operate (ATO).

HIPAA

Our HIPAA Compliant Service instance prevents unauthorized access to personal health information throughout a medical organization and its partner network.

ICIT

As ICIT Fellow Program Members, we are part of an elite group of global leaders who provide education to the cybersecurity, business, and national security communities.

IDSA

As a member of IDSA, Avatier contributes to developing best practices and educating technology professionals about issues related to Identity Access Management (IAM) and Identity Governance and Administration (IGA).

NIST

Avatier's IAM and IGA software allows agencies to automate compliance with regulations, such as those of the National Institute of Standards and Technology, that require 24/7 governance over identities, access to sensitive information, and the management of critical systems.

NYDFS

Avatier complies with the access requirements specified in the constantly evolving New York Department of Financial Services security regulations.

OWASP

Avatier and the Open Web Application Security Project Foundation (OWASP) work to improve the security of software through community-led open source software projects.

PCI

Avatier has a PCI Attestation of Compliance and our MFA is a compliant multi-factor solution under current PCI-DSS requirements, enabling our customers to use Avatier as a supporting system for PCI compliance.