Revinate® Security & Trust
Updated on March 18, 2024
Trust at Revinate
At Revinate, we believe that we have an obligation to create secure services that you and your guests can trust. Our talented team of security professionals is constantly working to improve how we protect your information in a way that is convenient for you while giving you confidence in the safety and security of each of our solutions.
Section 1
Prevent
1.1 Shift Left
We eliminate vulnerabilities before they affect you. Besides manual code reviews, our software development lifecycle features a number of technical vulnerability management tools, including Software Composition Analysis (SCA), Static Analysis Security Testing (SAST), and Infrastructure as Code scanning among others, that block vulnerabilities in the code before they ever enter the test phase.
1.2 Security In the Cloud
We minimize the attack surface of our solutions by following infrastructure design best practices and using Infrastructure as Code so that all services can be tested and production-ready without introducing vulnerabilities that tend to come from manual deployments. We take full advantage of the security features provided by our infrastructure hosting partners, Google Cloud Platform (GCP) and Amazon Web Services (AWS), and create technical guardrails to ensure that we always adhere to their best practices. On top of that, Dynamic Application Security Tests (DAST) and even manual vulnerability testing by our internal red team are used to regularly find, and fix, problems.
1.3 Automation
Finding vulnerabilities isn’t enough; they must be fixed. Where possible, Revinate uses the latest technologies to address security vulnerabilities as soon as they are discovered. If this level of auto-remediation isn’t already available in the tools we use, our highly skilled Security Team develops our own.
1.4 Culture of Security
Technical controls aren’t always enough. Everyone who takes part in solution development, testing, maintenance and design completes quarterly security training. Our procedures are designed to consider security requirements at all times, from inception to deployment to monitoring.
In short, at Revinate, our solutions are developed with security in depth and by design.
Section 2
Detect
2.1 Monitoring, Analysis and Alerting
We monitor everything, from employee workstations to solution and user activity, with a careful eye for any suspicious activity. If a threat is detected, our Security Team is alerted immediately through a number of outlets so that it can triage the issue without delay.
2.2 Threat Awareness
Revinate uses state-of-the-art security tools to keep up with the latest threat vectors and patterns so that we can evolve our security controls to meet them.
Section 3
Respond
3.1 Availability
Revinate’s threat management team is available 24/7/365 to respond to and triage any threats as they come.
3.2 Incident Management
It is clear by now that no two security events are the same. Our Incident Management plan is designed to be dynamic and adaptable. Each year, the plan is tested in one of a variety of scenarios in a collaborative environment across the Company. The plan is constantly scrutinized and improved to minimize impact and maximize efficiency.
Section 4
Recover
4.1 Ready and Tested
We automate regular snapshots of our databases so we can minimize data loss due to downtime. Our services can be easily restored using the infrastructure-as-code approach to software hosting. Additionally, we follow high availability practices to further minimize data loss and downtime. If a security incident were to take down our service or corrupt our database, these practices would help us restore our services to you while we work to stop the hacker and increase security.
Section 5
Comply
5.1 Commitment to Data Protection
We are proud of our long-standing commitment to the privacy and security of our customers’ and guests’ personal data. As a global entity with thousands of customers worldwide, we continually improve and mature our data protection program in order to effectively meet applicable regulations and industry standards. Our commitment to our customers is that we will never stop maturing and improving our standards, policies and procedures, and we will continue to earn your trust as stewards of your personal data.
5.2 Data Privacy
Our full-scope privacy program is designed to meet our compliance obligations and support our customers’ expectations for a trustworthy, compliant data processor. We have a robust program that protects the personal data entrusted to us and implements applicable regulations including an array of US state laws and the EU/UK General Data Protection Regulations (GDPR), among others.
For more information on how we protect your privacy, you can review our Privacy Policy. For further detail on the Data Privacy Framework program and its multilateral cooperation, please visit the International Trade Administration’s DPF site.
5.3 Data Security
Revinate’s information security and compliance programs were developed to meet or exceed industry standards and best practices. We prioritize data security by investing in unbiased and independent external testing. We’re audited and certified by third parties to be compliant with the PCI-DSS, SOC 2 Type 2/Type 1 security standards (AICPA Security Trust Services Criteria) and the Data Privacy Framework Verification Assessment Criteria (Truste).
Additionally, we conduct internal audits based on the NIST CSF, invest in our internal security expertise and implement mitigation strategies as deemed necessary and appropriate.
Section 6
Connect
Want to know more about our security practices? You can always contact us directly through www.revinate.com/support or by emailing our security team at security[AT]revinate.com.