Avantus Business Solutions holds the following certifications:
- BS EN ISO/IEC 27001:2022. Certification was completed by external auditor Centre For Assessment. Certificate attached below.
- Cyber Essentials.
- Cyber Essentials Plus.
- FSQS as a recognised supplier to the UK Financial Services sector.
See attached documents supporting the above certifications.
Avantus maintains a data privacy policy that ensures adherence to the requirements of the Data Protection Act, with staff undergoing annual assessment and training to remain current. Our data privacy policy provides internal disciplinary sanctions for employees who fail to comply with the policy. Annual training is provided by a third-party online training agency.
The Data Protection Policy has been audited as part of our ISO 27001 compliance and certification.
Avantus has named individuals responsible for the following roles:
- Chief Information Security Officer
- Data Protection Officer
- Data Privacy Officer
Avantus System is not PCI DSS compliant, as neither payment card information nor bank details are held or processed on the platform. Where data related to cards or bank details is held on the system as part of the tenant configuration, it is the responsibility of the platform owner.
MyWorkPal is hosted on the Microsoft Azure environment which benefits from a wide range of certifications.
Penetration Testing
See attached latest Penetration Test Report from our 3rd party test agency. Scope and date of test are detailed in the document.
From August 2022 Avantus systems commenced running application scans as part of each major release using the AppCheck vulnerability scanning platform. AppCheck scans are embedded into the QA release pipelines, ensuring vulnerabilities are picked up before publishing to live.
AppCheck emulates the process of a manual penetration test to provide full coverage of the OWASP Top 10, zero-day vulnerabilities, and 100,000+ known security flaws by interrogating the CVE database. As a 3rd party service, it is built and managed by expert manual penetration testers who are always on hand to ensure our tests are configured bespoke to our assets' requirements, giving the best ROI on our testing.
MyWorkPal benefits from using AppCheck rather than traditional annual manual reviews, as the scope and scalability of testing with AppCheck significantly enhance our security posture compared with occasional ad hoc or annual testing.
The attached test results followed testing of the admin portal and an example tenant portal on the Azure environment.
How are CVSS scores calculated?
Tables in the Admin AppCheck report and Tenant AppCheck report are provided by the AppCheck scanning tool and include CVSS scoring. Details of how these scores are calculated are outlined here: https://appcheck.zendesk.com/hc/en-us/articles/360021417553-An-Explanation-of-Vulnerability-Scoring