The “Avionté Security and Data Protection FAQs” offer insights into how Avionté secures customer data within its product & service platform.
Covering areas like data protection, compliance, and incident response, this section explains key practices, such as using AWS infrastructure, encryption, and strict access controls.
With topics on vulnerability management and employee training, these FAQs provide transparency and reinforce Avionté’s commitment to data security.
Data Security and Storage
1. What types of data encryption are used for data at rest and in transit?
Avionté utilizes AES-256 encryption for data at rest and TLS for data in transit, ensuring that sensitive information is protected during storage and transfer.
2. How is data segregated within the AWS infrastructure to ensure customer privacy?
Each customer’s data is logically separated, ensuring data integrity and privacy within the AWS environment. Access is limited based on strict permissions.
3. How does Avionté handle data ownership and customer access to data?
Avionté customers retain full ownership of their data. Customers can access, export, and manage their data at any time through Avionté’s platform, with assistance available as needed.
4. What protocols does Avionté use for secure data deletion?
Avionté follows AWS best practices for secure data deletion, including cryptographic erasure and secure overwriting, ensuring that deleted data is unrecoverable.
Business Continuity and Disaster Recovery
5. What is Avionté’s disaster recovery plan for data stored in AWS?
Avionté has a robust disaster recovery plan, including offsite backups in AWS’s US-West-1 region. Data is recoverable within hours in case of major incidents.
6. How often are disaster recovery drills conducted?
Avionté performs annual disaster recovery drills to test and refine recovery procedures, ensuring they meet business continuity requirements.
7. How does Avionté ensure resilience against regional outages within AWS?
Avionté uses AWS’s multi-region capabilities, with automatic failover between regions, to maintain service availability during regional outages.
Compliance and Certifications
8. Is Avionté HIPAA-compliant, and how does it protect healthcare-related data?
While Avionté is not primarily focused on healthcare, it follows industry-standard practices that align with HIPAA requirements, such as data encryption and access control.
9. Does Avionté comply with the GDPR for customers based in the EU?
Yes, Avionté adheres to GDPR by implementing data minimization, explicit consent, and rights to data access and deletion for EU-based customers.
10. What types of audits are conducted to ensure Avionté’s compliance with SOC 2 standards?
Avionté undergoes annual SOC 2, Type II audits by independent third parties to verify compliance with stringent security, availability, and confidentiality requirements.
11. How does Avionté stay updated with changes in regulatory requirements?
Avionté’s compliance team continuously monitors regulatory changes and updates policies and practices to align with new requirements, ensuring ongoing compliance.
Access Control and Authentication
12. What authentication methods are used to secure access to Avionté’s platform?
Avionté employs multi-factor authentication (MFA) to ensure that only authorized users access the platform.
13. How does Avionté enforce the principle of least privilege across its systems?
By using role-based permissions and regular access reviews, Avionté limits user access to the minimum required to perform their job functions.
14. Does Avionté support Single Sign-On (SSO) for user authentication?
Yes, Avionté supports SSO, allowing customers to integrate their existing identity providers for seamless and secure user authentication.
Network Security
15. How does Avionté protect its network from external threats?
Avionté utilizes AWS’s built-in firewall and monitoring services to detect and block unauthorized access, along with regular vulnerability assessments.
16. What protection measures are in place against Distributed Denial of Service (DDoS) attacks?
Avionté leverages AWS Shield for DDoS mitigation, ensuring high availability even during malicious traffic spikes.
17. What measures are in place to secure data transmitted over public networks?
Avionté uses TLS encryption for all data transmitted over public networks, safeguarding information from interception and tampering.
18. How does Avionté handle firewall configuration and monitoring?
Avionté uses AWS’s native firewall solutions, which are regularly configured and monitored to prevent unauthorized access and detect anomalies.
Incident Response and Threat Detection
19. How does Avionté monitor for security incidents?
Avionté uses AWS tools and other 3rd party systems to detect anomalies and security events, providing real-time alerts to the security team.
20. What is the process for notifying customers in the event of a data breach?
Avionté is committed to transparency and will notify affected customers within 72 hours of identifying a breach, following all legal and regulatory requirements.
21. What kind of logging and monitoring does Avionté implement for threat detection?
Avionté uses AWS tools and other 3rd party systems for comprehensive logging and monitoring, ensuring all activities are tracked and potential threats are promptly identified.
22. Does Avionté conduct tabletop exercises to prepare for potential security incidents?
Yes, Avionté periodically conducts tabletop exercises simulating security incidents to refine response strategies and improve readiness.
Vulnerability Management and Patching
23. Does Avionté conduct regular vulnerability scans on its systems?
Yes, Avionté performs continuous vulnerability scans and routine penetration tests to identify and address potential security weaknesses.
24. How are critical vulnerabilities prioritized for remediation?
Avionté follows a risk-based approach, prioritizing critical vulnerabilities for immediate patching, usually within 48 hours of detection.
25. How does Avionté manage third-party dependencies and patching?
Avionté continuously monitors third-party components for vulnerabilities, applying patches as they become available to minimize risk exposure.
26. What tools does Avionté use for vulnerability scanning?
Avionté employs industry-leading vulnerability tools for routine vulnerability scanning, ensuring potential issues are identified and mitigated promptly.
Customer Data Management and Retention
27. How long does Avionté retain customer data after contract termination?
Avionté retains customer data for 90 days post-contract to allow for data export, after which the data is securely deleted.
28. Can customers request data deletion, and how is this request processed?
Yes, customers can request data deletion, and Avionté ensures compliance with legal requirements by securely deleting data within 30 days of the request.
29. Can customers request an export of their data in a specific format?
Yes, Avionté supports data export in various common formats, such as CSV or JSON, allowing customers to obtain and analyze their data as needed.
30. How does Avionté handle data archiving for long-term retention?
Avionté offers archiving options within AWS, using services like Glacier for long-term, low-cost data storage that retains data while maintaining compliance.
Third-Party Integrations and API Security
31. How does Avionté secure data exchanged with third-party integrations?
Avionté uses secure APIs with token-based authentication and TLS to protect data exchanged with third-party systems.
32. Does Avionté offer any tools for customers to monitor API usage?
Currently, Avionté monitors the API usage for the customers. Customers do not have direct access to these logs and reports.
33. How does Avionté ensure third-party integrations do not compromise system security?
Avionté evaluates third-party integrations for security risks and uses strict API permissions and endpoint security controls to minimize potential vulnerabilities.
34. Are API usage limits and throttling policies enforced?
Yes, Avionté enforces API rate limits and throttling policies to prevent abuse, ensuring fair usage and protecting against potential DDoS attacks through APIs.
Employee Security Awareness and Training
35. How often does Avionté conduct security training for its employees?
All employees undergo annual security awareness training, with specialized training for those handling sensitive data, and also undergo continuous security training for phishing and other threats.
36. Are employees required to report suspicious activity?
Yes, Avionté has a mandatory reporting policy.
37. How does Avionté ensure that employees understand data privacy requirements?
Avionté provides regular training on data privacy laws and regulations, with emphasis on handling customer data responsibly and in compliance with legal standards.
38. Are employees subjected to background checks before handling sensitive information?
Yes, Avionté conducts thorough background checks on employees who will access sensitive information, as part of a comprehensive hiring and onboarding process.