Compliance

Here you can find the following information on compliance related to:

Aviso’s Commitment to GDPR

The General Data Protection Regulation, better known as GDPR, is a new privacy regulation in the EU that went into effect on May 25, 2018. GDPR standardizes data protection law across all EU countries and imposes new rules on controlling and processing Personally Identifiable Information (PII).

Who is affected?

The GDPR is a significant change in the data privacy landscape in the EU and clearly allocates the responsibility between the data controller (Aviso’s customers and partners) and the data processor (Aviso, Inc.) with respect to the processing of personal data. Under the GDPR, both the data controller and data processor have additional duties and obligations to protect personal data, and both face liability for any failures to comply with the GDPR requirements.

What are we doing?

Aviso has completed an internal self-assessment and compliance review as applicable to the GDPR and implemented new controls around data privacy and protection. We remain committed to protecting personal data in compliance with the highest standards of privacy and security.

GDPR Principles and Aviso

  1. Lawfulness, Fairness and Transparency
    1. Aviso processes data as needed for our customers for the purposes explicitly laid out in our customer engagements
    2. Our privacy policy describes the data that we capture and how such information is used
  2. Purpose Limitations
    1. We will only collect data for the purposes of sales, analytics and optimization in accordance with our privacy policy. We will not use personal data for any other purpose
  3. Data Minimization
    1. We will only collect the adequate, relevant and limited amount of data required to perform our service
  4. Accuracy
    1. Aviso supports the data subject’s right to rectification, allowing them to ensure Aviso data is accurate either through a direct request to Aviso or to our customers
  5. Storage Limitations
    1. All the data subject’s data will be deleted within a reasonable time after the termination of a customer engagement, as defined in the customer contract
  6. Integrity and Confidentiality
    1. Aviso has strong measures in place to keep our data secure and protected, employing frequent security scans and penetration tests and leveraging industry-standard technologies.
    2. All personal data will be encrypted at rest and in transit.

Updated Privacy Policy

We have also published an updated privacy policy governing our products. The new privacy policy reflects our decision to extend key rights under the new GDPR to consumers around the world, in relation to their personal information. It also incorporates more specific information and changes related to GDPR. You can read the new privacy policy here.

Contacting Aviso

If you are a citizen of the European Union and would like to contact Aviso regarding your personal data, please send an email to privacy@aviso.com.

SOC 2: Security, Availability & Confidentiality

Aviso has successfully completed our annual SOC 2 security audit. Aviso’s System and Organization Controls (SOC 2 Type II) Report provides our customers and users with an independent Service Auditor’s assessment of controls at Aviso that meet the AICPA Trust Services Security, Availability, and Confidentiality Principles and Criteria.

Scope

This report is based on an independent auditor’s examination of Aviso, Inc.’s sales vision platform based on the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2), and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security, availability, and confidentiality principles set forth in AICPA TSP Section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable trust services criteria).

Control Environment

Aviso is committed to establishing and monitoring an effective control environment and managing business risks to the company and the customer data managed by Aviso. Aviso’s management takes its organizational structure and responsibilities seriously and takes an active role in the governance of Company controls. Management believes that a robust control environment is needed at all Company levels and maintains accountability for implementing daily operations, and communicating and monitoring the internal control structure, including relevant standards, policies, and procedures. Aviso requires all personnel to exercise integrity as a standard of performance and to provide high quality service and support to customers.

Security and Monitoring

Aviso has established and maintains a formal, documented company-wide Information Security Management Program that provides management direction and support for implementing information security within the Aviso environment. The objective of the program is to maintain the confidentiality, integrity, and availability of data and assets while complying with applicable legislative, regulatory, and contractual requirements.

Note: Our latest SOC 2 report is available to current and prospective customers upon request, subject to the appropriate non-disclosure agreements (NDA). Please contact your account team.