At Avanade, we understand the global threat landscape is evolving in complexity with an increasing number of attacks. Countries are quickly developing regulatory and compliance requirements to better protect the data and privacy of companies and citizens.

Avanade invests in security and privacy throughout our business because we understand the value of information assets and how critical they are to the success of your business. It is vital to us that you can trust that Avanade understands the unique security risks and concerns that can accompany new business solutions as we have been implementing business solutions for over 20 years.

Our people go through mandatory annual training on Information Security and Data Privacy. Avanade's Security Essentials program includes compliance courses that increase security and data privacy awareness and secure behavior adoption through the completion of interactive learning activities.

Additionally, all Avanade personnel are required to pass specific training courses, including safe information security and data privacy practices, Client Data Protection (CDP) training, understanding data classification, and applying Avanade’s Code of Business Ethics (CoBE).

Avanade client delivery requires a two-part CDP program:

1. A risk assessment to determine where the client's risk lies in relation to the project
2. A mitigation phase that uses a Client Data Protection plan comprised of 35+ control categories and operated by the project team

Avanade is constantly investing in information security-enabled capabilities to allay risks and implement security controls to protect personal data, to meet our obligations to clients.

The Office of our CISO (Chief Information Security Officer) is heavily invested in guaranteeing solutions to our clients, company and, internal employees to protect both possible concerns, data privacy and information security. To know more about it, visit our Privacy Statement.

Protecting personal data, and the implementation of cyber security and data privacy principles is a key factor in ensuring identities are not used by malicious actors which has an impact on the environment as well as within the sustainable (“socially responsible”) pillars of ESG. By leveraging prudent governance of our internal controls, external validation through various global and regional quality, security, and privacy certifications (e.g., ISO/IEC 27001:2022, ISO/IEC 27701:2019, ISO 14001:2015, ISO 9001:2015), and that of our award-winning Client Data Protection program, Avanade protects our employees’ and our clients’ data (including, sometimes, their customers’ and employees’ personal data), thus having a global impact wherever we operate or deliver. In addition, our corporate functions and CDP Program have been awarded conformity letters for both the Center for Internet Security Framework v8 and the NIST Cybersecurity Framework v1.1.

Our procurement practices are continually being enhanced; most recently we are now leveraging sustainability measurements of our suppliers to ensure we are working with organisations aligned with our ESG goals. More information can be found here for Avanade’s overall ESG program.

We operate both an Information Security Management System (ISMS) and Privacy Information Management System (PIMS) to apply practices and guidance in managing our risks as a trusted provider.

Our Business Continuity Management (BCM) efforts work to manage risk to ensure resiliency, continuity and availability of our business operations. Avanade’s BCM follows the lifecycle defined by the Business Continuity Institute (BCI).

As certified Azure Expert Managed Service Providers (MSPs), you can be sure that you’re working with a trusted advisor that will offer you repeatable, highly automated solutions that enable and support hyper-scale cloud implementations in a secure way.

In addition to ISO/IEC 27001:2022, ISO/IEC 27701:2019, we also have Cyber Security Essentials & Cyber Essentials+ (UK) certificates for information services, information systems, personnel, and data associated with or supported by Avanade’s internal corporate functions and Avanade’s Client Data Protection (CDP) program. Additionally, we maintain our TISAX certification in Germany to support the local auto industry, as well as our Data Privacy TrustMark certification supporting Singapore local government clients which focuses on security and data privacy. 

This includes using providers and vendors that have appropriate attestations for their business operations (as an example, by seeking evidence of certified ISO 27001 and ISO 27701 programs and/or SSAE16 SOC1 and SOC2 annual audit reports).

Avanade has unparalleled expertise with Microsoft products, technologies and solutions, and we leverage that experience to advise you on the geographic data privacy obligations and security control requirements where you do business. This includes the international, regulatory and industry-specific compliance standards.

Our deep understanding of how these technologies can be implemented on a practical level can help you maneuver in the global data security and privacy regulatory landscape. Our proven expertise includes: