Security information page

Our mission is to empower our customers to achieve stronger security and compliance by setting uncompromising standards within our own organization first. We do not simply comply—we anticipate, adapt, and proactively protect.

Security & privacy

Security is at the core of everything we do at R3levance. At R3levance, security is lived at every level: from internal frameworks and technical solutions to our daily operations and strategic decisions. We continuously invest in advanced safeguards and privacy measures, ensuring that every process, product, and partnership upholds our promise of trust and resilience. By holding ourselves to the strictest benchmarks—not only industry requirements but the expectations our clients have for trusted partners—we create meaningful value and lasting confidence. For R3levance, robust security and compliance are not checklists—they are fundamental values we embody, driving every action and innovation.

Governance

01.

Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02.

Security controls should be implemented and layered according to the principle of defense-in-depth.

03.

Security controls should be applied consistently across all areas of the enterprise.

04.

The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

PREVIOUS
NEXT

Data protection, Product- & Enterprise security

Endpoint protection

All corporate devices are centrally managed and are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

Secure remote access

Vanta secures remote access to internal resources using Tailscale, a modern VPN platform built on WireGuard. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.

Security education

R3levanceVanta provides comprehensive security training to all employees upon onboarding and annually through educational modules within Vanta’s own platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.

Vendor security

R3 follows a risk-based approach to vendor security by evaluating factors such as the sensitivity and volume of data a vendor handles, the criticality of their services to our operations, their overall cybersecurity posture, relevant compliance requirements, financial stability, contract terms, and the level of access granted. These criteria help us assign a risk rating and ensure that all vendors are appropriately assessed and monitored throughout our relationship.

Data at rest

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Additionally, sensitive data is protected with field-level encryption. This means the data is encrypted even before it hits the database so that neither physical access, nor logical access to the database, is enough to read the most sensitive information.

Access to customer and corporate data

Access to both customer and corporate data at R3levance is strictly controlled and limited to authorized personnel based on defined roles and responsibilities. We implement robust access management policies, ensure data is only processed for its intended purpose, and conduct regular reviews to prevent unauthorized access or misuse.

Integration with production environments

Integration with production environments at R3levance is carefully managed through strict separation of development, testing, and production systems. Only authorized, role-based personnel can access production systems, and changes are thoroughly reviewed and tested before deployment to minimize risk.

Potential damage to R3

Potential damage to R3levance from security incidents or business disruptions includes operational downtime, financial losses, reputational harm, regulatory penalties, and erosion of customer trust. To minimize these risks, R3levance continuously identifies, assesses, and prepares for a broad range of threats by maintaining robust controls, conducting risk assessments, and updating business continuity plans regularly.

PREVIOUS
NEXT

Certifications & Compliance

At R3levance, we are committed to the highest standards in information security and compliance. We are in the process of obtaining industry-leading certifications, including SOC 2 Type II attestation and ISO 27001 compliance certification. Once achieved, our SOC 2 Type II report and ISO 27001 certificate will be accessible via our Trustcenter, ensuring full transparency for customers and stakeholders.