Cloud Security Statement
Revyz cloud services (Revyz Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Revyz is responsible for monitoring, managing and securing the Revyz Cloud.
AWS manages the data centers that host the Revyz Cloud. For more information about security at those data centers, see here.
Revyz Cloud data is hosted in the United States.
Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations and maintains many compliance programs to meet legal and regulatory requirements. A list of such certifications and compliance statements can be found here.
AWS has a public SOC 3 report on Security, Availability & Confidentiality (PDF).
Revyz is certified as a Cloud Security Compliant vendor with Atlassian; see here.
People and Access
Within Revyz, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Revyz Cloud.
Customers are responsible for maintaining the security of their own login information.
In the Revyz Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Revyz Cloud are protected with HTTPS using TLS, and communications within the Cloud are protected with VPN network connections.
Revyz maintains customer data on a rolling basis for a period of six months while you are our customer. If you leave our service, your data is removed from our production database one month later.
Customer data is backed up three times per day, and is encrypted following industry standards. Backup lifetime is one month.
Revyz’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.
Security Incident Policy
Revyz takes every care to protect customer data from incidents (whether accidental or deliberate) and to avoid a data protection breach that could compromise security. For more information, please see our Security Incident Policy.
Bug Fix Policy
Bug Severity - Critical
SLA - Within 10 business days of being reported
Example - Direct access to application or database servers
Bug Severity - High
SLA - Within 3 weeks of being reported
Example - Leakage of sensitive data through bugs / exploits in the application
Bug Severity - Medium
SLA - Within 6 weeks of being reported
Example - Leakage of non-sensitive data
For more information, please see our Change Control & Release Management.