Compliance

Avaya ensures the security of our assets and of the data we handle on customers’ behalf by complying with laws, regulations, policies, and customer commitments. 

Structured for success

Avaya’s Ethics, Integrity and Security (EIS) team is led by our Chief Compliance Officer and is strategically placed with our worldwide law team to ensure independent governance, Board of Directors oversight, and transparency to our stakeholders. EIS has teams for physical and information security, business continuity, industry certifications, third party risk management, and ethics and compliance.

Security

Avaya security teams operate in two workstreams: the protection of people and assets and the protection of Avaya and customer data. Robust business continuity and crisis management plans maintain our employee safety and operations. The Information Security team ensures the protection and availability of Avaya’s information assets, which includes information entrusted to us by our customers. We understand that threats to our network and information come from many different vectors and are extremely fluid. We approach security by: 

  • Security operations and best practices 
  • Platform and network security 
  • Availability and continuity 
  • Incident response 
  • Continuous assessment and improvement 

 

ISO 9001 Logo

ISO 9001

Learn more

ISO 9001

For a quality management system (QMS). This applies to Avaya’s design, development, sales, delivery, implementation, and services of our communication solutions. View or download the certification and scope at Certification by Schellman.

ISO Logo

ISO 27001

Learn more

ISO 27001

Information security standard. This applies to AXP Public and the Avaya Managed Services Platform. View or download the certifications with scope at Any Certification by Schellman.

HIPAA Compliance

HIPAA Compliance

Learn more

HIPAA Compliance

To support customers in the health care industry, Avaya has implemented the appropriate security controls on Avaya Experience Platform, Avaya Enterprise Cloud, and the Avaya Managed Services Platform to issue a Business Associate Agreement. View the Compliance Status of Avaya Services.

PCI Compliance

PCI compliance

Learn more

PCI compliance

To support customers that process credit card data, Avaya has implemented appropriate security controls on the Avaya Experience Platform, Avaya Enterprise Cloud and Avaya Managed Services Platform. View the Compliance Status of Avaya Services.

FedRAMP Compliance

FedRAMP compliance

Learn more

FedRAMP compliance

To support U.S. Government customers, Avaya has implemented appropriate security controls on Avaya Government Cloud.

Trusted Cloud Provider

Trusted Cloud Provider

Learn more

Trusted Cloud Provider

Trusted Cloud Provider status for Avaya Spaces and Avaya Experience Platform obtained from the Cloud Security Alliance.

 

 

Cyber Essentials Basic

Cyber Essentials Basic

Learn more

Cyber Essentials Basic

To support UK Government customers, Avaya has implemented appropriate security controls on Avaya Experience Platform – Public and Avaya Enterprise Cloud.

 

 

Data privacy

Privacy by design

Our cloud solutions go through stringent internal engineering processes to ensure they incorporate technical features to enable our clients to comply with the requirements of GDPR and other privacy laws around the world. 

Binding Corporate Rules

Avaya’s processor Binding Corporate Rules ensure that all our entities handling customer data do so following rigorous data handling processes of the highest standards approved by the EU regulatory authorities. 

EU and UK data transfers

Our contractual commitments to your personal data: Avaya will handle your data in accordance with the commitments we make in our Data Processing Agreement. Our Data Processing Agreement has been designed not just with GDPR in mind, but with a vast array of other privacy laws. 

Privacy factsheets

Our exports of EU and UK personal data rely on our Binding Corporate Rules and the International Data Transfer Agreement or Addendum for the UK together with our processes to carry out transfer impact assessments whenever such data is shared outside of the Avaya group. For more information, review our FAQs.