by Larry Mead, Kate Kompelien and Kurt Schroeder
Avtex is proud to announce that we have achieved a number of significant security, privacy and regulatory milestones. The organization has achieved Service Organization Control (SOC) 2 Type 2 certification, Health Insurance Portability & Accountability Act (HIPAA) Type 1 attestation, and General Data Protection Regulation (GDPR) attestation for 2019.
“We take privacy seriously and have organized our internal privacy and security programs to ensure the privacy and security of our clients,” said Eric Van Heel, Avtex Vice President of Cloud Solutions Support. “Achieving these attestations and certification is just one example of the efforts we take to protect the information, data and privacy of our clients, and their customers.”
For 2019, Avtex has achieved:
- SOC 2 Type 2 certification: Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for the effective management and protection of sensitive data. For 2019, Avtex obtained SOC 2 Type 2 certification in two key areas: Security and Availability. This marks the fourth straight year that Avtex has achieved SOC 2 Type 2 certification.
- HIPAA Type 1 attestation: To demonstrate compliance with HIPAA laws, Avtex worked with a third-party vendor to conduct a comprehensive compliance assessment to identify and remediate any potential data security or privacy vulnerabilities. The organization can now attest that it maintains security, technology, processes, policies and training procedures that comply with HIPAA regulations.
- GDPR attestation: The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of residents of the European Union. It applies to organizations that are physically located in, or do business in, the EU. Avtex developed a comprehensive data management framework to demonstrate compliance with the GDPR, including its requirements for the capture, storage, documentation and utilization of information relating to an identifiable person.
Each certification or attestation required a rigorous process including audits, policy and procedure reviews, internal control assessments and more. Individuals and teams from every department throughout the organization were involved.
“Achieving these milestones individually is no small feat – accomplishing all three simultaneously demonstrates our continued commitment to excellence in all aspects of dealing with sensitive and personal information,” said Van Heel. “We put a great deal of effort into ensuring that when a client puts their trust in us, their faith is not misplaced.”