Rvvup handles your transactions and your personal data with the attention they require, and we have backed that commitment by achieving ISO 27001 and Cyber Essentials Plus certification.
Your information is secure both at rest and in transit. We use modern cryptographic algorithms to make sure that your information is secure at all times. We use TLS 1.3 across our entire infrastructure for data in transit and symmetric algorithms of appropriate key length for data at rest. We apply database, file system and block device encryption wherever we store your information.
- Secure Software Development Lifecycle
Our proprietary code is constantly scanned for vulnerabilities. Through integration with their development environments, our developers can check that their code does not contain vulnerabilities. These checks continue all the way through the CI/CD pipeline until the code is deployed to production. Deployed code is scanned daily for emerging vulnerabilities. The same applies to the third-party libraries that we integrate into our code: we are informed about vulnerabilities affecting them and we update those libraries as needed.
- Cloud Security
We use Amazon Web Services (AWS) to host all our systems, providing maximum resiliency and security through the use of high-availability infrastructure while benefiting from best-in-class AWS security. We use multiple accounts to separate environments and to create barriers between production and the rest of our infrastructure.
- IaC and Production Access
There is limited human access to our production environment and all deployments take place using Infrastructure as Code (IaC) processes. IaC scripts are constantly scanned using our code scanning solution and the same applies to our container images in order to make sure that all changes to our infrastructure are secure.
- System Hardening and Patching
Our systems are hardened and patched promptly, and we check for vulnerabilities along the entire lifecycle of a system. We have a robust vulnerability management policy that defines all necessary SLAs, and we are committed to following them.
- Identity and User Access
We follow secure IAM practices that are constantly reviewed and updated as needed. Access to systems is over Single Sign-On (SSO), and we use automatic provisioning and deprovisioning of user accounts to minimise exposure.
- Passwords and 2FA
Our employees have access to a password manager that allows them to use strong passwords, and we protect this access with a second factor of authentication.
- User Awareness and Training
Rvvup employees are well versed in information security and data protection, but reminders and updates are always necessary. All our employees receive annual training, and there are constant updates and guidance throughout the year on the topics of information security and data protection.
- Data Protection
a) We are committed to ensuring that all your data protection rights are fulfilled through the use of proper processes.
b) All our practices ensure that your personal data is protected according to GDPR (e.g. lawfulness, fairness, transparency, etc.).
c) We are running an extensive data protection program that allows us to maintain all necessary records as needed by GDPR (e.g. DPIAs, vendor management database, Record of Processing Activities, etc.).
d) Your personal data is protected through the implementation of all the necessary security controls.
a) We achieved ISO 27001 certification without any findings, proving that commitment to security is a top priority for Rvvup. You can see our certificate here and you can verify it here.
b) We achieved Cyber Essentials (verify here) and Cyber Essentials Plus (verify here), the UK government-backed security certifications.