© 2020 Rev, Inc. All Rights Reserved.
sales@rev.com | 737-207-9232 | rev.com/security
Secure Infrastructure (cont.)
Rev.com’s infrastructure spans multiple AWS
availability zones for high availability and
utilizes amazon S3 for storage of data (https://
docs.aws.amazon.com/AmazonS3/latest/dev/
DataDurability.html). AWS provides Distributed
Denial of Service (DDoS) services.
Storage & Transmission
All customer files are encrypted both at rest and
in transit. Communications between you and Rev
servers are encrypted via industry best-practice
protocols TLS 1.2 and AES-256. TLS is also
supported for encryption of emails.
Backup & Recovery
Rev backs up data constantly to prevent any loss
or corruption. All Rev & customer data is hosted
at Tier IV or III+, SSAE-16, PCI DSS, or ISO 27001
compliant facilities in the United States.
Data Control & Deletion
Customers can purge video, audio, and/or
document data from Rev systems at any point via
the User Interface (UI) and can set up automated
deletion policies via a support ticket.
Software Development Lifecycle
As a cloud service company, Rev.com releases
software frequently so that clients may benefit
from on-going development of new service
and security capabilities. Rev.com follows a
defined Software Development Lifecycle (SDLC)
that includes the application of security-by-
design principles. Rev operates using an agile
development methodology under which software
development teams and management are tasked
with ensuring that the SDLC process and design
principles are followed.
Secure Service Operations
Access to production infrastructure is managed
in keeping with Role Based Access Controls
(RBAC) and “Least Privilege”. Access is limited to
the Rev.com operations team. Sensitive product
service data stored in service databases never
leaves the production system.
Firewall rules are maintained so that production
systems can only be accessed for maintenance
from defined Rev.com locations using secured
access mechanisms. Systems are maintained
in a hardened state with defined baselines for
all host and network equipment. All changes to
systems are tracked and managed according to
well-established change management policies
and procedures. The patch level of third-party
software on systems is regularly updated to
eliminate potential vulnerabilities.
Availability & Access
We maintain a redundant infrastructure with
99.9% uptime. All customer data is accessible
to sta only to the extent necessary to perform
the required work. And just like our customer
support, our Security Team is on call 24/7 to
respond to security alerts and events.
Breach Detection and Response
Rev.com utilizes network Intrusion Detection
Systems (IDS) and network integrity management
tools to continuously monitor the state of the
system. Availability is continuously monitored
using external monitoring tools. Application and
infrastructure logs are aggregated and archived
centrally, facilitating both analysis for suspicious
access patterns and future forensic analysis.
Regular external vulnerability scanning is also
performed.
In the event of a breach, Rev.com has the
ability to isolate components of the system for
containment and maintain ongoing operations.
Rev.com’s incident response team is at the ready
to notify customers of security impacting events
according to contractual agreements.