Compliance and certifications

Federal Information Processing Standard (FIPS) 140 – 2 is a U.S. government standard that specifies the minimum security requirements for cryptographic modules in information technology products.

FIPS 201 – 2 is a U.S. government standard that outlines the minimum security requirements for federal personal identity verification (PIV) systems. These systems meet the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12).

The SAFETY Act provides important legal liability protections for providers of Qualified Anti-Terrorism Technologies, whether they are products or services.

The National Defense Authorization Act (NDAA) restricts the use, procurement, or sale of certain brands of surveillance equipment for federal agencies.

The European Union’s General Data Protection Regulation (GDPR) protects European Union (EU) individuals’ fundamental right to privacy and the protection of personal data. Avigilon is dedicated to ensuring compliance with data processing and privacy regulations in the provision of its products and services to customers. This commitment extends to adhering to applicable laws, including the EU GDPR.

Avigilon has achieved Service Organization Control 2 Type II (SOC2) reporting following a rigorous evaluation by a qualified, accredited and independent American Institute of Certified Public Accountants (AICPA) auditor. The audit report includes an evaluation against all trust services’ principles of security, availability, confidentiality, integrity and privacy.

Find out more at the Motorola Solutions Trust Center.

Avigilon is ISO 27001 certified, including the extensions 27017, 27018 and 27701 for information security and protection of PII in the cloud and privacy management. This helps ensure that the development operations we employ to build the platform on which our cloud solutions are deployed adhere to ISO best practices for information security and privacy. Customers who use our cloud solutions can be confident that we have the necessary policies and protocols in place to safeguard their data.

The California Privacy Rights Act (CPRA) is built upon the existing California Consumer Privacy Act (CCPA) that regulates how California residents’ personal information is handled, processed and stored; including deleting of personal information and the ​“right to forget.”

The PCI DSS provides a set of security standards for the payment card industry (PCI) to help ensure the security of credit card transactions.

Open Network Video Interface Forum (ONVIF) provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.

The General Services Administration Approved Product List (GSA APL) outlines physical access control systems that are approved for use by U.S. federal government agencies and meet the security and functional requirements.