Trust Center

We’re pleased to announce that our latest bridge letters are now available on the AvidXchange Trust Center. These letters provide assurance during the period between our most recent SOC audit reports and the next scheduled audit, reinforcing our commitment to transparency and data security.

You can request the bridge letters under the Featured Documents section of the AvidXchange Trust Center: trust.avidxchange.com.

We are pleased to announce that our latest SOC 1 Type II and SOC 2 Type II audit reports, conducted by Forvis Mazars LLP, are now available on AvidXchange’s Trust Center. This update reflects our continued commitment to safeguarding your data and ensuring compliance with industry standards and best practices.

The reports can be requested under the Featured Documents section of AvidXchange’s Trust Center: trust.avidxchange.com

AvidXchange has reviewed and investigated the potential impact of the critical vulnerabilities in F5 devices (https://www.cisa.gov/news-events/news/cisa-issues-emergency-directive-address-critical-vulnerabilit…). AvidXchange is not affected and does not leverage F5 devices or software.

AvidXchange monitors security information resources for vulnerability announcements, patch and non-patch remediation change, security events and incidents, and emerging threats that correspond to the software and hardware within AvidXchange’s system inventory. Patches are regularly applied per our Vulnerability Management Standard, which includes applying patches monthly at minimum. Advanced Malware Protection controls are deployed to all corporate-issued endpoints. These controls receive updates in real-time in alignment with best practices.

AvidXchange has reviewed and investigated the indicators of compromise of the Salesloft Drift compromise impacting Salesforce integrations. AvidXchange does not currently leverage Salesloft but has not found any of these indicators within our logs or evidence of a related successful attack from AvidXchange's prior usage of Salesloft. Our Security Operations team will remain active in monitoring any potential vulnerabilities and IOCs related to this event.

AvidXchange monitors security information resources for vulnerability announcements, patch and non-patch remediation change, security events and incidents, and emerging threats that correspond to the software and hardware within AvidXchange’s system inventory. Patches are regularly applied per our Vulnerability Management Standard, which includes applying patches monthly at minimum. Advanced Malware Protection controls are deployed to all corporate-issued endpoints. These controls receive updates in real-time in alignment with best practices.