Loading...

Demonstrating our security and privacy commitments to our company, people, and our clients

At Avanade, we understand the global threat landscape is evolving in complexity with an increasing number of attacks. Countries are quickly developing regulatory and compliance requirements to better protect the data and privacy of companies and citizens.

Avanade invests in security and privacy throughout our business because we understand the value of information assets and how critical they are to the success of your business. It is vital to us that you can trust that Avanade understands the unique security risks and concerns that can accompany new business solutions as we have been implementing business solutions for over 20 years.

“At Avanade, we’re deeply committed to data protection by ensuring data security and data privacy. We invest significant resources in our people, processes and technologies to protect data of our people, our company, and our clients.”

Bob Bruns Chief Information Security Officer, Avanade

Security & Privacy trained and capable workforce

Our people go through mandatory annual training on Information Security and Data Privacy. Avanade's Security Essentials program includes compliance courses that increase security and data privacy awareness and secure behavior adoption through the completion of interactive learning activities.

Additionally, all Avanade personnel are required to pass specific training courses, including safe information security and data privacy practices, Client Data Protection (CDP) training, understanding data classification, and applying Avanade’s Code of Business Ethics (CoBE).

Avanade client delivery requires a two-part CDP program:

  1. A risk assessment to determine where the client's risk lies in relation to the project
  2. A mitigation phase that uses a Client Data Protection plan comprised of 35+ control categories and operated by the project team

Designed to meet Avanade’s security and data privacy commitments

Avanade is constantly investing in information security-enabled capabilities to allay risks and implement security controls to protect personal data, to meet our obligations to clients.

The Office of our CISO (Chief Information Security Officer) is heavily invested in guaranteeing solutions to our clients, company and, internal employees to protect both possible concerns, data privacy and information security. To know more about it, visit our Privacy Statement.

Implemented to support Environmental, Sustainability (Social), and Governance (ESG) commitments within Avanade

Protecting personal data, and the implementation of cyber security and data privacy principles is a key factor in ensuring identities are not used by malicious actors which has an impact on the environment as well as within the sustainable (“socially responsible”) pillars of ESG. By leveraging prudent governance of our internal controls, external validation through various global and regional quality, security, and privacy certifications (e.g., ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO 14001:2015, ISO 9001:2015), and that of our award-winning Client Data Protection program, Avanade protects our employees’ and our clients’ data (including, sometimes, their customers’ and employees’ personal data), thus having a global impact wherever we operate or deliver. In addition, our corporate functions and CDP Program have been awarded conformity letters for both the Center for Internet Security Framework v8 and the NIST Cybersecurity Framework v1.1.

Our procurement practices are continually being enhanced; most recently we are now leveraging sustainability measurements of our suppliers to ensure we are working with organizations aligned with our ESG goals. More information can be found here for Avanade’s overall ESG program.

We build security to your requirements

We operate both an Information Security Management System (ISMS) and Privacy Information Management System (PIMS) to apply practices and guidance in managing our risks as a trusted provider.

Our Business Continuity Management (BCM) efforts work to manage risk to ensure resiliency, continuity and availability of our business operations. Avanade’s BCM follows the lifecycle defined by the Business Continuity Institute (BCI).

As certified Azure Expert Managed Service Providers (MSPs), you can be sure that you’re working with a trusted advisor that will offer you repeatable, highly automated solutions that enable and support hyper-scale cloud implementations in a secure way.

In addition to ISO/IEC 27001:2022, ISO/IEC 27701:2019, we also have Cyber Security Essentials & Cyber Essentials+ (UK) certificates for information services, information systems, personnel, and data associated with or supported by Avanade’s internal corporate functions and Avanade’s Client Data Protection (CDP) program. Additionally, we maintain our TISAX certification in Germany to support the local auto industry, as well as our Data Privacy TrustMark certification supporting Singapore local government clients which focuses on security and data privacy. 

This includes using providers and vendors that have appropriate attestations for their business operations (as an example, by seeking evidence of certified ISO 27001 and ISO 27701 programs and/or SSAE16 SOC1 and SOC2 annual audit reports).

Perspective

Code of Business Ethics

The ethical way is the only way.

Whitepaper

Integrated risk program with ServiceNow

Learn how Avanade connected and automated GRC processes, creating up-to-date visibility of its compliance status, accelerating and strengthening its risk responses, and significantly reducing the demands on its previously overworked GRC team.

Whitepaper

Threat detection and security automation with Azure Sentinel

Avanade now has integrated data, improved automation, and freed up its IT staff to focus on value-add projects—all while maintaining a commitment to its clients.

Whitepaper

MS Insider Risk Management to lessen insider risk

Learn how Avanade deploys Insider Risk Management with ease, creating collaborative security and threading effective risk management through the ecosystem.

We know the Microsoft ecosystem

Avanade has unparalleled expertise with Microsoft products, technologies and solutions, and we leverage that experience to advise you on the geographic data privacy obligations and security control requirements where you do business. This includes the international, regulatory and industry-specific compliance standards.

Our deep understanding of how these technologies can be implemented on a practical level can help you maneuver in the global data security and privacy regulatory landscape. Our proven expertise includes:

  • 32,000 Microsoft-trained professionals in Accenture and Avanade 
  • 60,000+ certifications in Microsoft technology 
  • 10,000 projects successfully delivered for over 4,000 clients worldwide 
  • 100+ Microsoft partner awards 
  • 2022 Global System Integrator (GSI) Partner of the Year
  • 2022 Dynamics 365 Customer Insights & Marketing Partner of the Year
  • 2022 Dynamics 365 Customer Service & Field Service Partner of the Year
  • 2022 Manufacturing & Supply Chain Partner of the Year
  • 2022 Austria Country Partner of the Year
  • 2022 Chile Country Partner of the Year
  • 2022 Denmark Country Partner of the Year
  • 2022 Poland Country Partner of the Year
  • 2022 Singapore Country Partner of the Year
  • 2022 Spain Country Partner of the Year
  • 2022 Sweden Country Partner of the Year
  • 19 Gold Competencies 
  • 18-time winner of Microsoft GSI Partner of the Year

Working with you

Delivery excellence and innovation are in our DNA. Learn how our approach can help your business realize results.

Share this page
CLOSE
Modal window
Contract