Rvvup handles your transactions and your personal data with the attention that is required and we are
committed to doing so having achieved certification with ISO 27001 and Cyber Essentials Plus.
- Encryption
Your information is secure both at rest and in transit. We use modern cryptographic algorithms to make sure that your
information is secure at all times. We use TLS 1.3 across our entire infrastructure for data
in transit and symmetric algorithms of appropriate key length for data at rest. We apply
database, file system and block device encryption wherever we store your information.
- Secure Software Development Lifecycle
Our proprietary code is constantly scanned for vulnerabilities. Through integration with their
development environments, our developers can check their code to ensure that it does not
contain vulnerabilities. This continues all the way through the CI/CD pipeline with checks
until the code is deployed to production. Deployed code is scanned daily for emerging
vulnerabilities. The same applies to the third-party libraries that we integrate into our
code - we are informed about vulnerabilities affecting them and we act accordingly in order
to update those libraries as needed.
- Cloud Security
We are using Amazon Web Services (AWS) to host all our systems, providing maximum resiliency and security through the
use of high availability infrastructure, while enjoying major benefits from the best-in-class
AWS security. We use multiple accounts to separate environments and to create barriers
between production and the rest of our infrastructure.
- IaC and Production Access
There is limited human access to our production environment and all deployments take place using Infrastructure as
Code (IaC) processes. IaC scripts are constantly scanned using our code scanning solution
and the same applies to our container images in order to make sure that all changes to our
infrastructure are secure.
- System Hardening and Patching
Our systems are hardened and patched promptly and we check for vulnerabilities along the entire
lifecycle of a system. We have a robust vulnerability management policy that defines all
necessary SLAs and we are committed to following them.
- Identity and User Access
We are following secure IAM practices that are constantly reviewed and updated as needed. Access to systems
is over Single Sign On (SSO) and we use automatic provisioning and deprovisioning of user
accounts to minimise exposure.
- Passwords and 2FA
Our employees have access to a password manager that allows them to use strong passwords, while at the same
time we protect this access by the use of a second factor of authentication.
- User Awareness and Training
Rvvup employees are well versed in the area of information security and data protection, but
reminders and updates are always necessary. All our employees receive annual training and
there are constant updates and guidance throughout the year on the topics of information
security and data protection.
- Data Protection
a) We are committed to ensuring that all your data protection rights are fulfilled through the use of proper processes.
b) All our practices ensure that your personal data is protected according to GDPR (e.g.
lawfulness, fairness, transparency, etc.).
c) We are running an extensive data protection program that allows us to maintain all necessary
records as needed by GDPR (e.g. DPIAs, vendor management database, Record of Processing Activities, etc.).
d) Your personal data is protected through the implementation of all the necessary security controls.
- Compliance
a) We achieved ISO 27001 certification without any findings, proving that commitment to security is a top priority for
Rvvup. You can see our certificate here and you can verify it here.
b) We achieved Cyber Essentials (verify here) and Cyber Essentials Plus (verify here) certifications, the UK government-backed security
certification.