Data security is a critical component of the RiskRevu platform. We utilize many levels of security to help ensure the data being collected is well protected. We are constantly working to keep up to date with the latest security trends. Here is a brief overview of the security procedures and protocols we have in place.
Strong Password Enforcement and Protection
Every new user is required to set a complex password in order to login to their RiskRevu account. RiskRevu never stores your password in plaintext. These passwords go through many levels of hashing using the Argon2 password hashing algorithm.
Internal Security Measures
RiskRevu employees are required to change passwords every 90 days. We limit access to our production infrastructure and strongly authenticate that access. We utilize VPNs to ensure network access is restricted.
Data in Transit is Encrypted
We utilize SSL/TLS Transport Layer Security to encrypt data in transit and secure network communications with our site.
Data at Rest is Encrypted
Personally Identifying Data at rest is encrypted with 256-AES technology.
We log the transactions throughout our site’s infrastructure on a continuous basis for both front and back end processes. This includes web server access logging as well as activity logging for actions.
Our site utilizes firewalls to protect it from malicious internet traffic.
Data Storage and Backups
We partnered with Kinsta to provide a secure and reliable cloud infrastructure for our users. Our website and the data we store is backed up each day and the backups are secured in an isolated environment on Kinsta servers. These servers have numerous redundancies built in to ensure business continuity. There are 24 data centers that will automatically take over for another in the event one is not operational due to a natural disaster or other issue.
We do not utilize portable or removable media for backups.
Our disaster plan includes backup systems testing and procedural documentation to assist with responding to potential disasters.
Our breach response plan includes identifying the extent of the breach in order to communicate with those who may be affected. Law enforcement would also be notified, when necessary.
Updated: February 20, 2021