Security
To ensure the highest standards of data security and compliance, RevContent has implemented a robust set of technical and organizational measures, internal controls, and information security routines designed to protect company data and personal data from accidental loss, destruction, or alteration, as well as unauthorized disclosure or access.
TECHNICAL & ORGANIZATIONAL MEASURES
Domain
Practices
Data Hosting and Infrastructure
RevContent's infrastructure is fully hosted on Amazon Web Services (AWS), a trusted cloud service provider with a strong compliance framework, including certifications like ISO 27001 and SOC 2. Our services are geographically distributed across AWS data centers in the US and other countries, ensuring high availability, resilience, and redundancy in the event of outages or incidents.
Data Encryption and Access Control
RevContent ensures that all data is encrypted both at rest and in transit. This is accomplished by leveraging AWS-native services, such as AWS Key Management Service (KMS) for data encryption at rest, and Transport Layer Security (TLS) for data in transit. Public-facing certificates are managed via AWS Certificate Manager, a trusted authority of SSL/TLS certificates for secure communication.
Every interaction, including API requests and web traffic between our systems and users, is fully encrypted using industry-standard encryption protocols. This ensures data confidentiality and security as it moves across the internet and through internal systems.
Access to sensitive data is strictly restricted to authorized personnel. Multi-factor authentication (MFA) and Virtual Private Network (VPN) access are mandatory for internal systems. Access is reviewed regularly to ensure compliance with our security protocols, and all data retrieval activities are logged for accountability.
Every interaction, including API requests and web traffic between our systems and users, is fully encrypted using industry-standard encryption protocols. This ensures data confidentiality and security as it moves across the internet and through internal systems.
Access to sensitive data is strictly restricted to authorized personnel. Multi-factor authentication (MFA) and Virtual Private Network (VPN) access are mandatory for internal systems. Access is reviewed regularly to ensure compliance with our security protocols, and all data retrieval activities are logged for accountability.
Automated Security and Continuous Monitoring
RevContent uses automated build processes that continuously assess our code for vulnerabilities, including outdated libraries or other potential threats. We also implement Intrusion Detection Systems (IDS) to monitor suspicious activities in real-time.
Additionally, third-party services continuously evaluate our software and infrastructure for potential security risks. This comprehensive monitoring provides constant protection against evolving threats, and any anomalous behavior triggers immediate alerts, allowing us to respond swiftly to potential incidents.
Additionally, third-party services continuously evaluate our software and infrastructure for potential security risks. This comprehensive monitoring provides constant protection against evolving threats, and any anomalous behavior triggers immediate alerts, allowing us to respond swiftly to potential incidents.
Data Security and Resilience
While we only process very limited categories of Personally Identifiable Information (PII), RevContent treats all customer data with the highest level of confidentiality. Data is encrypted at rest, and we maintain full audit trails of stored data, allowing us to track access and modifications. Access logs are maintained to record who has retrieved or accessed critical data, ensuring transparency and accountability.
To ensure data resilience, we replicate critical data across multiple locations, ensuring no single point of failure. This data replication helps prevent data loss due to hardware failure or other disruptions.
To ensure data resilience, we replicate critical data across multiple locations, ensuring no single point of failure. This data replication helps prevent data loss due to hardware failure or other disruptions.
Data Transmission and Integrity
All communication between RevContent’s servers and clients is encrypted using advanced encryption technologies, including HTTPS and TLS, to prevent interception and tampering of data in transit.
Incident Response and Data Breach Management
RevContent has a proactive incident response plan in place to deal with potential security breaches. Our response includes isolating affected systems, conducting a full investigation, and taking corrective actions. In the event of a breach that impacts personal data, we promptly notify the relevant stakeholders and regulatory authorities, as required by GDPR.
Human Resource Security
RevContent personnel are required to adhere to strict confidentiality obligations, non-disclosure commitments, and acceptable-use policies as applicable. RevContent conducts background checks on all employees in compliance with applicable laws and regulations. Policies and procedures are in place to ensure access to company systems and information is promptly revoked for terminated personnel. Regular audits are conducted to ensure the retention of confidential information aligns with regulatory requirements, and access to employee information is strictly limited to authorized administrators.
All RevContent personnel participate in training sessions every 18 months to maintain awareness of best practices across all levels of the organization. The RevContent employee handbook is updated appropriately to reflect current laws and includes detailed confidentiality policies. All employees are required to sign an acknowledgment of these policies, affirming their understanding and commitment to the company’s standards for security, confidentiality, and overall best practices.
All RevContent personnel participate in training sessions every 18 months to maintain awareness of best practices across all levels of the organization. The RevContent employee handbook is updated appropriately to reflect current laws and includes detailed confidentiality policies. All employees are required to sign an acknowledgment of these policies, affirming their understanding and commitment to the company’s standards for security, confidentiality, and overall best practices.
Certifications
RevContent has in place all security measures and practices which have allowed it to maintain its registration with the EU-U.S. Data Privacy Framework and the Swiss – U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland to the United States.