Avepoint UK Ltd

Compliance Guardian for Data Validation, Classification, & Protection

Identify and automatically manage risks associated with content across structured and unstructured data in cloud and on-premise systems. Satisfy internal or external requirements for information management and data governance, including GDPR and the Data Protection Act. Complete DSARs (Data Subject Asset Requests) and Right to be Forgotten requests quickly.


  • Scan On-Premises platforms, SharePoint, File System,Database, Exchange, Websites
  • Scan platforms on many popular cloud platforms including Office365
  • Rules-based file analysis & classification with automated tagging
  • Discover and resolve regulatory violations using standard or custom checks
  • Search and export personal data for data subject access requests.
  • Automated remediation actions including quarantine, delete, move, encrypt,redact, pseudonymise.
  • Block, delete, lock, or redact offending social content
  • Automated and user-assisted reviews and incident management
  • Reports, dashboards and heatmap on scan results over time.
  • Integration with other platforms-Office365 DLP feeds, SIEM systems.


  • Automatically identify and report privacy, information management, and security violations
  • Standardise and enforce content classification based on context and ownership
  • Prevent data loss with automated data monitoring and security management
  • Efficiently resolve violations with automated actions to secure threats
  • Effectively prioritise risks based on organisational requirements
  • Assist in regulatory compliance (GDPR, Eprivacy, etc)
  • The framework evaluates and mitigates privacy and security risks
  • Gain dynamic insight into data with integrated Power BI reports
  • Monitor the effectiveness of technical controls based on risk analysis
  • Understand & assess risk based on confidentiality, availability and integrity


£9.75 per person per year

Service documents


G-Cloud 11

Service ID

2 6 1 0 2 0 7 0 9 4 7 8 1 1 8


Avepoint UK Ltd

Nigel Cottam



Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
System requirements
  • Compliance Guardian comprises three modules which can be purchased separately
  • Licensing is based on customer size & number of employees
  • The administrator's console is accessed through a web GUI
  • Agents are deployed to facilitate scanning of the various sources
  • Agents are not licensed by AvePoint
  • Please note, customers are responsible for hosting the management console.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Telephone requests receive an immediate response. Other contact methods will be within 2 hours or more dependent on the severity of the request. For more information please visit - https://avepoint.com/products/support.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Please contact AvePoint for further information about web-chat usage by assistive technology users and to discuss testing.
Onsite support
Yes, at extra cost
Support levels
We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
Support available to third parties

Onboarding and offboarding

Getting started
Onboarding services are defined and agreed in a Statement of Work
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers will have direct access to their data throughout the contract and will not be reliant on AvePoint to 'extract' any content.
End-of-contract process
The functionality will stop working and customers' obligations will end. Where applicable, customer data can be extracted directly from the portal.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
Compatible operating systems
Designed for use on mobile devices
Service interface
Description of service interface
The interface is menu-driven and provides access to all the functionality provided by Compliance Guardian.
Accessibility standards
None or don’t know
Description of accessibility
The service offers the ability to define the checks that will be used for the scanning of content. There are a number of standard checks that can help identify information useful for GDPR and data compliance objectives generally. Bespoke checks can also be created. Once the checks are defined, the sources are selected and the scans are run either once or to a schedule. There are options to automatically re-mediate violations and / or to report on them.
Accessibility testing
What users can and can't do using the API
APIs will allow configuration and scaning against data souces that are not available out of the box.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
The deployment architecture is designed based on specific demand forecast on a per customer basis.


Service usage metrics
Metrics types
Compliance Guardian works with AvePoint's extended Compliance Solutions to provide a heat maps that provide additional actionable context about the document including: how old is the document, who authored it, how many times has it been accessed, who can access it, who has accessed it, and what have they done with it. In this way, organisations can take specific steps to protecting and mitigating their risk.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Not Applicable. Data will not need to be exported at the end of the contract
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Availability is set within the SLA
Approach to resilience
Availability of Compliance Guardian can be dependent on a number of components that might be cloud-based or on-premise depending on which sources are in-scope. AvePoint leverages Microsoft Azure for hosting it's cloud service, which has a number of data centers to support HA environments. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
Outage reporting
AvePoint will notify customer's of any outtages or service interruptions.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All authentication is carried out against Microsoft Azure or any support ed Azure authentication method.
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
AvePoint has received ISO 27001:2013 certification with respect to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Center.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
AvePoint's Information Security Management System and policies adhere to the ISO 27001:2013 standard.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We use AppScan to perform OWASP testing on every patch release. We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
Incident management type
Supplier-defined controls
Incident management approach
Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£9.75 per person per year
Discount for educational organisations
Free trial available
Description of free trial
It is possible to trial the product for a limited period as a business value assessment. Contact AvePoint to determine scope and terms of your business value assessment.
Link to free trial

Service documents

Return to top ↑