Avatier Security, Privacy & Compliance

Certifications & Affiliations

Avatier complies with a number of industry-standard frameworks. These include:

SOC 2 Type I - Type II

Avatier has successfully achieved SOC 2 Type II certification. This independent validation confirms our controls are not only well-designed but are operating effectively over time. This certification forms the foundation of our ongoing trust and security program.

ISO 27001:2013

Avatier has achieved ISO 27001:2013 Certification, attesting to the commitment of Avatier's leadership to a secure service for our customers.

LGPD

Brazil's Lei Geral de Proteção de Dados (LGPD) establishes data privacy rights for Brazilian residents. Avatier's platform supports LGPD compliance requirements for customers operating in Brazil.

CSA STAR

As a member of the Cloud Security Alliance, Avatier collaborates with other cloud technology companies to promote best practices for identity management and governance.

Encryption

Encryption at Rest & In Transit

All customer data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Encryption keys are managed via a dedicated Key Management System (KMS).

A Message from Our CISO

In the dynamic tech landscape, security is foundational – it’s about enabling our customers to thrive securely. As Avatier’s CISO, I believe security must accelerate your business, not impede it.

Our approach is proactive, leveraging cutting-edge solutions to ensure the confidentiality, integrity, and availability of your critical assets. We’re constantly evolving our defenses, from advanced threat detection to robust identity and access management.

Compliance and certification are core to our commitment. We rigorously adhere to leading frameworks like ISO 27001, NIST 800-53, SOC 2, and the Cloud Security Alliance. These aren’t just checkboxes; they’re living principles driving continuous independent evaluations and internal assessments, ensuring our security posture remains ahead of the curve.

At Avatier, security, privacy, and compliance are woven into our culture. I invite you to explore how our comprehensive framework can empower your organization to innovate with confidence. We’re also continuously expanding our global compliance efforts. For any questions, please contact our team. Your interest in Avatier’s program is highly valued.

All the best,

Dr. Sam Wertheim

Chief Information Security Officer

Compliance Requirements

Helping you meet the demands of regulatory compliance

GDPR

General Data Protection Regulation (GDPR): Avatier Identity Anywhere provides a secure baseline for GDPR compliance and helps to reduce risk across your enterprise.

NIS2

Enhances cybersecurity across the EU by ensuring digital service providers implement strong security measures, report significant incidents, and hold top management accountable.

DORA

Focuses on the digital operational resilience of the financial sector, requiring robust IT system protection, incident response plans, regular testing, and monitoring of third-party providers.

FedRAMP

Avatier has an official authorized status with the Federal Risk and Authorization Management Program (FedRAMP) Moderate authority to operate (ATO).

HIPAA

Avatier holds a HIPAA compliance attestation and provides a dedicated HIPAA-compliant service instance designed for healthcare organizations and their partner networks. Our Identity Governance and Administration (IGA) solutions support the core HIPAA Security Rule safeguards — Administrative (§164.308), Physical (§164.310), and Technical (§164.312) — helping ensure that only authorized staff can access Protected Health Information (PHI) throughout your organization.

ICIT

As ICIT Fellow Program Members, we are part of an elite group of global leaders who provide education to the cybersecurity, business, and national security communities.

IDSA

As a member of IDSA, Avatier contributes to developing best practices and educating technology professionals about issues related to Identity Access Management (IAM) and Identity Governance and Administration (IGA).

NIST

Avatier's IAM and IGA software allows agencies to automate compliance with regulations, such as those of the National Institute of Standards and Technology, that require 24/7 governance over identities, access to sensitive information, and the management of critical systems.

NYDFS

Avatier complies with the access requirements specified in the constantly evolving New York Department of Financial Services security regulations.

OWASP

Avatier and the Open Web Application Security Project Foundation (OWASP) work to improve the security of software through community-led open source software projects.

PCI DSS

Avatier holds a PCI Attestation of Compliance (AOC), validating that its identity management and Multi-Factor Authentication (MFA) solutions meet current PCI-DSS requirements. This attestation confirms Avatier as a compliant, supporting system for organizations that need to secure cardholder data environments — enabling customers to confidently leverage Avatier within their own PCI compliance programs.