Skip to main content
Get Started
Avature

The Avature Difference

For over 15 years, Avature has provided data processing services designed to advance the fundamental privacy principles of notice, choice, access, use and disclosure.

We allow our customers to define differentiated configurations of the SaaS platform to comply with the specific privacy obligations within their operational jurisdictions. When combined with our mature organizational controls, technical safeguards, and data localization capabilities, these data controller options present one of the most comprehensive privacy-compliant data processing options available today.

Avature, in its capacity as a data processor, maintains compliance with all major internationally binding privacy regulations, treaties, and conventions. Our robust information-security program is designed to prevent unauthorized access to customer data, and our technical architecture ensures the availability and integrity of customer data at all times.

To learn more about Avature’s approach to privacy, click here

Certifications & Audits

Our operations, policies, and controls undergo regular audits to ensure that Avature meets and exceeds all requirements expected of a world-class technology service provider. Avature’s standard of excellence is supported by our commitment to maintaining our ISO, SOC 1 and SOC 2 certifications.

Registrations, Self-Assessment & Standards

Industry Leaders Trust in Avature

9
of the world's 15
largest banks
5
of the 10 largest
tech companies
28
of the Forbes
Global 100
Visit our Customers page

Built on a Foundation of Confidence and Compliance

Availability

Avature has met its target data availability for the past five years.

Thin Client Access

The Avature platform can be accessed from any commercial browser on desktop and mobile, including Microsoft Edge, Firefox, Chrome, Safari, and iOS and Android browsers.

Backup & Recovery

Avature performs a complete backup of each customer’s data through daily differential/incremental and weekly full-dump backups. All backups are encrypted and stored in two separate production environments, with restoration functions tested periodically. Off-site storage is provided by AWS S3 and Glacier.

Disaster Recovery

Avature ensures high availability with paired instances in different data centers. Near real-time replication provides a ready backup, allowing seamless failover and maintaining both Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

Physical Security & Hosting

Avature offers hosting on the Avature Private Cloud or Amazon Web Services (AWS) public cloud, with customers open to choose the region for the data centers that house and process their data.

Cloud Hosting: Public & Private

Avature’s private cloud operates in highly secure, Tier 3+ rated data centers across the US, Europe and Asia, with top providers like Equinix and Telehouse. For customers preferring a public cloud, Avature also offers hosting on AWS globally, including AWS GovCloud for U.S. government compliance.

Data Center Locations:
  • New York and New Jersey,  United States
  • Amsterdam,  The Netherlands
  • Frankfurt,  Germany
  • Shanghai,  China
Network Security

Avature gateways are secured with application firewalls against denial-of-service attacks, intrusion-detection software and weekly automated vulnerability scans. Avature operates 24/7 with a hot patch process and conducts biannual penetration tests by a PCI-certified third party.

Accessibility

Avature’s web accessibility program ensures an inclusive user experience that is compliant with WCAG 2.2, Level AA. Avature’s solutions support assistive technologies, and the Avature design studio aids customers in creating accessible career sites and landing pages and offers testing and accessibility audits.

Application Security

Role-Based Access Control

Avature supports both single sign-on (SAML) and multi-factor authentication (MFA). Customers can segment users by specific roles and privileges and log and restrict access in real time. Additional security features such as IP whitelisting, hardware-based certificate authentication and field-specific encryption for sensitive data provide customers with an industry-leading application security experience.

Journaling

Avature’s in-application journal logs all user activities, including login history, login attempts, changes in record data, workflow configuration and security settings.

Built-in Security Testing

Each Avature release is subjected to over 10,000 tests, including against the top 10 OWASP threats, alongside a complete set of performance benchmark tests.

Periodic Third-Party Testing

A Payment Card Industry (PCI) certified third-party security company performs a biannual penetration test for our application, mobile app and network, with results made available to customers.

Customer Testing

At Avature, customers can conduct their own application vulnerability tests on a copy of their configured instance in a quarantined environment, with data obfuscated for third-party testing.

Operational Security & Compliance

Zero-Trust Principle

Avature applies “zero trust” and “least privilege” best practices, with all employees required to undergo background checks, sign confidentiality agreements and participate in Avature’s ongoing security training.

Compliance Support

Avature’s high configurability and flexibility help customers meet global compliance requirements, including GDPR, equal opportunity employment, OFCCP and Australia’s Privacy Act of 1988.

Avature has met its target data availability for the past five years.

Thin Client Access

The Avature platform can be accessed from any commercial browser on desktop and mobile, including Microsoft Edge, Firefox, Chrome, Safari, and iOS and Android browsers.

Backup & Recovery

Avature performs a complete backup of each customer’s data through daily differential/incremental and weekly full-dump backups. All backups are encrypted and stored in two separate production environments, with restoration functions tested periodically. Off-site storage is provided by AWS S3 and Glacier.

Disaster Recovery

Avature ensures high availability with paired instances in different data centers. Near real-time replication provides a ready backup, allowing seamless failover and maintaining both Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).

Avature offers hosting on the Avature Private Cloud or Amazon Web Services (AWS) public cloud, with customers open to choose the region for the data centers that house and process their data.

Cloud Hosting: Public & Private

Avature’s private cloud operates in highly secure, Tier 3+ rated data centers across the US, Europe and Asia, with top providers like Equinix and Telehouse. For customers preferring a public cloud, Avature also offers hosting on AWS globally, including AWS GovCloud for U.S. government compliance.

Data Center Locations:
  • New York and New Jersey,  United States
  • Amsterdam,  The Netherlands
  • Frankfurt,  Germany
  • Shanghai,  China
Network Security

Avature gateways are secured with application firewalls against denial-of-service attacks, intrusion-detection software and weekly automated vulnerability scans. Avature operates 24/7 with a hot patch process and conducts biannual penetration tests by a PCI-certified third party.

Avature’s web accessibility program ensures an inclusive user experience that is compliant with WCAG 2.2, Level AA. Avature’s solutions support assistive technologies, and the Avature design studio aids customers in creating accessible career sites and landing pages and offers testing and accessibility audits.

Role-Based Access Control

Avature supports both single sign-on (SAML) and multi-factor authentication (MFA). Customers can segment users by specific roles and privileges and log and restrict access in real time. Additional security features such as IP whitelisting, hardware-based certificate authentication and field-specific encryption for sensitive data provide customers with an industry-leading application security experience.

Journaling

Avature’s in-application journal logs all user activities, including login history, login attempts, changes in record data, workflow configuration and security settings.

Built-in Security Testing

Each Avature release is subjected to over 10,000 tests, including against the top 10 OWASP threats, alongside a complete set of performance benchmark tests.

Periodic Third-Party Testing

A Payment Card Industry (PCI) certified third-party security company performs a biannual penetration test for our application, mobile app and network, with results made available to customers.

Customer Testing

At Avature, customers can conduct their own application vulnerability tests on a copy of their configured instance in a quarantined environment, with data obfuscated for third-party testing.

Zero-Trust Principle

Avature applies “zero trust” and “least privilege” best practices, with all employees required to undergo background checks, sign confidentiality agreements and participate in Avature’s ongoing security training.

Compliance Support

Avature’s high configurability and flexibility help customers meet global compliance requirements, including GDPR, equal opportunity employment, OFCCP and Australia’s Privacy Act of 1988.

More Related Content

E-books & Guides

Being OFCCP Compliant with Avature

Avature helps customers efficiently meet the requirements of the U.S. Department of Labor and its Office of Federal Contract Compliance Programs (OFCCP).

View
E-books & Guides

Achieving GDPR Compliance with Avature

Read our GDPR training for recruiters guide to learn how Avature’s technical features, support, and security measures help our customers maintain and protect their candidates’ data.

View
Articles

6 Reasons to Invest in a Single Recruitment Platform

We explore the benefits of adopting a one-platform approach to talent acquisition by investing in a best-in-class recruiting suite.

View