Avepoint UK Ltd

Compliance Guardian for Data Validation, Classification, & Protection

Identify and automatically manage risks associated with content across structured and unstructured data in cloud and on-premise systems. Satisfy internal or external requirements for information management and data governance, including GDPR and the Data Protection Act. Complete DSARs (Data Subject Asset Requests) and Right to be Forgotten requests quickly.


  • Scan On-Premises platforms, SharePoint, File System,Database, Exchange, Websites
  • Scan platforms on many popular cloud platforms including Office365
  • Rules-based file analysis & classification with automated tagging
  • Discover and resolve regulatory violations using standard or custom checks
  • Search and export personal data for data subject access requests.
  • Automated remediation actions including quarantine, delete, move, encrypt,redact, pseudonymise.
  • Block, delete, lock, or redact offending social content
  • Automated and user-assisted reviews and incident management
  • Reports, dashboards and heatmap on scan results over time.
  • Integration with other platforms-Office365 DLP feeds, SIEM systems.


  • Automatically identify and report privacy, information management, and security violations
  • Standardise and enforce content classification based on context and ownership
  • Prevent data loss with automated data monitoring and security management
  • Efficiently resolve violations with automated actions to secure threats
  • Effectively prioritise risks based on organisational requirements
  • Assist in regulatory compliance (GDPR, Eprivacy, etc)
  • The framework evaluates and mitigates privacy and security risks
  • Gain dynamic insight into data with integrated Power BI reports
  • Monitor the effectiveness of technical controls based on risk analysis
  • Understand & assess risk based on confidentiality, availability and integrity


£9.75 per person per year

Service documents

G-Cloud 11


Avepoint UK Ltd

Hans Delleman



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • Compliance Guardian comprises three modules which can be purchased separately
  • Licensing is based on customer size & number of employees
  • The administrator's console is accessed through a web GUI
  • Agents are deployed to facilitate scanning of the various sources
  • Agents are not licensed by AvePoint
  • Please note, customers are responsible for hosting the management console.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Telephone requests receive an immediate response. Other contact methods will be within 2 hours or more dependent on the severity of the request. For more information please visit - https://avepoint.com/products/support.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Please contact AvePoint for further information about web-chat usage by assistive technology users and to discuss testing.
Onsite support Yes, at extra cost
Support levels We provide - Low, Medium, High and Very High levels, more information can be found at https://www.avepoint.com/products/support
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onboarding services are defined and agreed in a Statement of Work
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Customers will have direct access to their data throughout the contract and will not be reliant on AvePoint to 'extract' any content.
End-of-contract process The functionality will stop working and customers' obligations will end. Where applicable, customer data can be extracted directly from the portal.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility The service offers the ability to define the checks that will be used for the scanning of content. There are a number of standard checks that can help identify information useful for GDPR and data compliance objectives generally. Bespoke checks can also be created. Once the checks are defined, the sources are selected and the scans are run either once or to a schedule. There are options to automatically re-mediate violations and / or to report on them.
Accessibility testing TBC
What users can and can't do using the API APIs will allow configuration and scaning against data souces that are not available out of the box.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available No


Independence of resources The deployment architecture is designed based on specific demand forecast on a per customer basis.


Service usage metrics Yes
Metrics types Compliance Guardian works with AvePoint's extended Compliance Solutions to provide a heat maps that provide additional actionable context about the document including: how old is the document, who authored it, how many times has it been accessed, who can access it, who has accessed it, and what have they done with it. In this way, organisations can take specific steps to protecting and mitigating their risk.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Not Applicable. Data will not need to be exported at the end of the contract
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Availability is set within the SLA
Approach to resilience Availability of Compliance Guardian can be dependent on a number of components that might be cloud-based or on-premise depending on which sources are in-scope. AvePoint leverages Microsoft Azure for hosting it's cloud service, which has a number of data centers to support HA environments. For components of Compliance Guardian that are deployed within the customers network, availability will be reliant upon redundancy and disaster recovery planning.
Outage reporting AvePoint will notify customer's of any outtages or service interruptions.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels All authentication is carried out against Microsoft Azure or any support ed Azure authentication method.
Access restriction testing frequency At least every 6 months
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 6 months and 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 https://www.avepoint.com/company/privacy-and-security/
ISO/IEC 27001 accreditation date 29/06/2018
What the ISO/IEC 27001 doesn’t cover AvePoint has received ISO 27001:2013 certification with respect to secure software development and maintenance process including support business functions like Infosec, IT, HR, Sales and Marketing, Project Management, Operations and Call Center.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes AvePoint's Information Security Management System and policies adhere to the ISO 27001:2013 standard.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change Management is documented, requested, reviewed, approved, tested, and finally rolled out during off hours in order to have minimal effect on customers.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We use AppScan to perform OWASP testing on every patch release. We subscribe to security bulletins and stay abreast of recent 0 day vulnerabilities as well as maintaining an active patch cycle
Protective monitoring type Supplier-defined controls
Protective monitoring approach We leverage the Azure Health Status page as well as service monitoring. Please refer to Azure documentation https://docs.microsoft.com/en-us/azure/best-practices-network-security for details. Customers are notified via Administrative Console alerts or directly by Customer Success as threats are identified, with proposed course of action.
Incident management type Supplier-defined controls
Incident management approach Long standing experienced help-desk available 24x7, backed by breach management procedures to notify customers, post information publicly when necessary, and dedicate development resources to a swift resolution.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £9.75 per person per year
Discount for educational organisations No
Free trial available Yes
Description of free trial It is possible to trial the product for a limited period as a business value assessment. Contact AvePoint to determine scope and terms of your business value assessment.
Link to free trial https://www.avepoint.com/uk/products/hybrid/compliance-guardian

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑