Security FAQ and Support

  • Is it possible to install Rivery on your own premises?

    No, Rivery is a cloud-based, entirely SaaS product.

 

  • Why is SaaS better than On-Premise?

    As a SaaS provider, we are responsible for all maintenance and operations. On-premise, on the other hand, demands time, personnel, and equipment to keep things current.
    Our SaaS systems run on high-end vendors and are highly secure, with expert network and server security supervision. SaaS is cost-effective, and we assist with business continuity during times of crisis.
    With SaaS, solutions can be easily scaled up with minimal time and effort as the business grows.

 

  • Do you comply with recognized data security standards?

    Rivery is SOC 2 Type II certified and is GDPR and HIPAA compliant.

 

  • What type of data will Rivery store to provide the service?

    The customer has complete control over the data that travels via Rivery's service. Unless the customer requests it, Rivery does not keep the customer's data longer than is necessary to process it; it is erased after 48 hours at the most.

 

  • What are the connection methods supported by the solution?

    Rivery supports a variety of connection techniques, including secure SSH tunnels and Private Link.

 

  • What techniques does Rivery allow for platform authentication?

    Rivery offers a variety of authentication methods, including SSO, Google OAuth 2.0, and user/password, depending on the customer's preferences.

 

  • Will Rivery support adding strong authentication when using SSO or Google OAuth 2.0 as the preferred authentication method?

    Yes, it is possible to use multi-factor authentication.

 

  • Will we be able to integrate Azure Active Directory and use our own credentials?

    Yes.

 

  • Is there built-in user role-based access in the SaaS solution?

    Yes, the capabilities can be managed by the Administrator.

 

  • What measures are employed to protect our backup data?

    We only back up metadata identifiers for GDPR compliance and user analytics, not customer data.

 

  • Does Rivery have a Disaster Recovery Plan (DRP)?

    Rivery has created a disaster recovery plan that is based on AWS systems that are SOC 2 Type II and ISO 27001:2013 certified. Service interruptions due to hardware failure, natural disasters, or primary data center outages are minimized using the DRP design. Every year, a DR test is conducted.

 

  • Do you encrypt data at rest?

    We encrypt all data at rest based on AWS configurations. Customer data at rest is encrypted and hosted in separate storage services provided by AWS. Encryption is deployed with Amazon S3, which uses 256-bit AES encryption.

 

  • Do you encrypt data in transit?

    All traffic for both our customers and the platform is encrypted using a secure TLS connection.

 

  • Is Rivery's solution penetration tested?

    Our system is subjected to annual penetration testing by independent third-party security vendors, who use a gray-box approach and at a minimum cover the OWASP Top 10.

 

  • Do you obtain and document consent from the data subject when collecting, using, or disclosing privacy-related data?

    Yes. See Rivery's privacy policy for more details.

 

  • Is Rivery making a reasonable attempt to keep the collection, usage, and storage of privacy-related data to the bare minimum required to achieve the data's intended purposes?

    Yes. Rivery does not save or sniff any data that passes through our customers' pipelines (Rivers). Furthermore, the client's data is kept only for the duration of the pipeline's processing and is erased after a maximum of 48 hours. This is configuration-dependent: if a customer chooses to create their own landing zone, Rivery will not save any information.

 

  • Do you process or will you process any Personal Data on our behalf as part of the service you provide?

    Rivery only handles personal information that has been shared with us.

 

  • What type(s) of data are you processing that may be saved in storage?

    Client contacts and financial data, as well as configuration and performance data, all of which are required for the engagement.

 

  • Where is your data processing mainly conducted?

    Our environment's data is processed at AWS data centers. The physical locations are the US and Europe.

 

  • Is there a system in place at Rivery for deleting all or a subset of Personal Data given in response to a specific request and/or contract termination?

    In accordance with GDPR, we shall comply with customer requests to remove all personal data.

 

  • Do you have a mechanism in place to detect, assess, monitor, and respond to security risks posed by third-party service providers?

    Rivery's third-party providers sign confidentiality agreements with Rivery to ensure that system confidentiality is maintained, which is in line with Rivery's policy. Prior to onboarding new suppliers, the Company has a third-party assurance process in place, which includes completing and approving vendor due diligence studies.

 

  • Do you keep track of all security issues and have a documented incident response plan?

    Yes. We can share it only under the terms of a non-disclosure agreement.

 


 

Please email our security team at security@rivery.io if you have any questions or concerns.

