Avaamo combines enterprise-grade security features with rigorous compliance to industry standards to ensure your data is always protected.
Avaamo’s compliance certifications and regulations
SOC2(Type â…¡)
Trust Services Principles
CSA
Cloud Security Alliance
ISO/IEC 27001
Information Security Management System (ISMS)
NIST 800-171
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
HIPAA
Avaamo is HIPAA (Health Insurance Portability and Accountability Act) compliant
CCPA
California Consumer Privacy Act
CASL
Canada’s Anti-Spam Legislation
CAN-SPAM
Controlling the Assault of Non-Solicited Pornography And Marketing
Avaamo and the EU General Data Protection Regulation (GDPR)
Avaamo is committed to complying with requirements imposed by the General Data Protection Regulation (GDPR), which took effect on 25 May 2018.
To learn more about our GDPR compliance, please read our GDPR policy.
Avaamo’s Security Features
Encryption – Data in transit
All data transmitted between Avaamo agents and the Avaamo conversational AI platform is done so using strong encryption protocols. Avaamo supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures.
Encryption – Data at rest
Avaamo’s production data at rest is encrypted using FIPS 140-2 compliant encryption standards. This applies to all types of data at rest accessed by the production systems including relational databases, file stores, database backups, etc.
Multi-factor Authentication
To detect and prevent unauthorized access, Avaamo employs multi-factor authentication on all systems, including the development and staging systems. Avaamo also provides customers multiple Single Sign-On (SSO) options including SAML 2.0 providers.
Penetration Testing
Avaamo engages independent security firms to conduct application-level and infrastructure-level penetration tests at least once a year. Results of these tests are triaged, prioritized, and remediated in a timely manner by senior management. Customers can request the most recent reports from their account executive.
Customer Driven Audits and Penetration Tests
Many Avaamo customers also run security control assessment and/or penetration testing on the Avaamo system.
New or existing customers are welcome to perform security control assessment or penetration testing on Avaamo’s system. Please contact security@avaamo.ai to schedule a test.
Information Security Compliance Audits
Avaamo is continuously monitoring, auditing, and improving the design and operating effectiveness of our security controls. These activities are regularly performed by both third-party credentialed assessors and Avaamo’s internal risk and compliance team. Audit results are shared with senior management and all findings are tracked to resolution in a timely manner.
Network Isolation and Security
Avaamo divides its systems into separate networks to better protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting Avaamo’s production systems. Sensitive customer deployments are further isolated by VPCs.
Avaamo deploys firewalls at entry points of publicly accessible systems to log, audit and detect DOS and DDOS, and prevent such attacks.
Server Hardening
All servers within our production fleet are hardened using the CIS (Center for Internet Security) benchmarks and have a base configuration image applied to ensure consistency across the environment.
Responding to Security Incidents
Avaamo has established policies and procedures for responding to potential security incidents. All security incidents are managed by Avaamo’s Security Incident Response Team (SIRT). Please contact security@avaamo.ai to report any security incidents.