Revinate® Security & Trust

At Revinate, we believe that we have an obligation to create secure services that you and your guests can trust. Our talented team of security professionals is constantly working to improve how we protect your information in a way that is convenient for you while giving you confidence in the safety and security of each of our solutions.

1.1 Shift Left

We eliminate vulnerabilities before they affect you. Besides manual code reviews, our software development lifecycle features a number of technical vulnerability management tools, including Software Composition Analysis (SCA), Static Analysis Security Testing (SAST), and Infrastructure as Code scanning among others, that block vulnerabilities in the code before they ever enter the test phase.

1.2 Security In the Cloud

We minimize the attack surface of our solutions by following infrastructure design best practices and using Infrastructure as Code so that all services can be tested and production-ready without introducing vulnerabilities that tend to come from manual deployments. We take full advantage of the security features provided by our infrastructure hosting partners, Google Cloud Platform (GCP) and Amazon Web Services (AWS), and create technical guardrails to ensure that we always adhere to their best practices. On top of that, Dynamic Application Security Tests (DAST) and even manual vulnerability testing by our internal red team are used to regularly find, and fix, problems.

1.3 Automation

Finding vulnerabilities isn’t enough; they must be fixed. Where possible, Revinate uses the latest technologies to address security vulnerabilities as soon as they are discovered. If this level of auto-remediation isn’t already available in the tools we use, our highly skilled Security Team develops our own.

1.4 Culture of Security

Technical controls aren’t always enough. Everyone who takes part in solution development, testing, maintenance and design completes quarterly security training. Our procedures are designed to consider security requirements at all times; from inception to deployment to monitoring.

In short, at Revinate, our solutions are developed with security in depth and by design.

2.1 Monitoring, Analysis and Alerting

We monitor everything, from employee workstations to solution and user activity, with a careful eye for any suspicious activity. If a threat is detected, our Security Team is alerted immediately through a number of outlets to triage the issue immediately.

2.2 Threat Awareness

Revinate uses state-of-the-art security tools to keep up with the latest threat vectors and patterns so that we can evolve our security controls to meet them.

3.1 Availability

Revinate’s threat management team is available 24/7/365 to respond to and triage any threats as they come.

3.2 Incident Management

It is clear by now that no two security events are the same. Our Incident Management plan is designed to be dynamic and adaptable. Each year, the plan is tested in one of a variety of scenarios in a collaborative environment across the Company. The plan is constantly scrutinized and improved to minimize impact and maximize efficiency.

4.1 Ready and Tested

We automate regular snapshots of our databases so we can minimize data loss due to downtime. Our services can be easily restored using the infrastructure-as-code approach to software hosting. Additionally, we follow high availability practices to further minimize data loss and downtime. If a security incident were to take down our service or corrupt our database, these practices will help us restore our services to you while we work to stop the hacker and increase security.

5.1 Privacy

We believe that privacy and the privacy of your guests are some of our top priorities. With the regulatory climate constantly changing, Revinate is changing too. As a global entity with thousands of customers worldwide, we are always tracking the latest applicable laws and regulations. For more information on how we protect your privacy, you can review our Privacy Policy

5.2 Industry Standards

Revinate’s security standards were developed to meet or exceed the latest industry standards and best practices. We prioritize security by investing in unbiased external testing. We’re reviewed by certified third-parties to be compliant with PCI-DSS and SOC 2 Type 2/ Type 1 (AICPA Security Trust Services Criteria). We also regularly conduct internal audits based on the NIST CSF.

5.3 Continued Improvement

Every policy, procedure and security control is documented and analyzed by our Security and Compliance teams to find opportunities to improve.

Want to know more about our security practices? You can always contact us directly through www.revinate.com/support or emailing our security team at security[AT]revinate.com