# Compliance & Certifications
Draft — state the truth
Keep this page strictly accurate. Claim a certification only once it is actually held, with the report available under NDA. Until then, describe the program as aligned and in progress — never as certified.
## Current status
Revzio's information security program is built on recognized frameworks (ISO 27001 / SOC 2) and backed by a documented, management-approved policy set. We are not yet independently certified; certification is on our near-term roadmap (below).
| Item | Status |
|---|---|
| Information security & privacy policy set | ✅ Documented, management-approved, reviewed annually |
| Subprocessor register + DPAs | ✅ Maintained — see Subprocessors |
| Encryption in transit & at rest | ✅ TLS 1.2+ / AES-256 |
| Tenant isolation (RLS) | ✅ Enforced at the database layer |
| Vulnerability management | ✅ Policy in place [confirm cadence/tooling] |
| SOC 2 Type 2 / ISO 27001 | 🟡 Planned — see roadmap |
| ISO 27701 (privacy) | 🟡 Planned — see roadmap |
## Roadmap
- SOC 2 Type 2 or ISO 27001 — overall information security program, independently audited.
- ISO 27701 — privacy information management (extends ISO 27001).
- PCI-DSS — only if card data is ever handled directly (currently not).
We pursue these on the foundation of the documented controls already in place. Timeline and auditor/platform selection are being finalized.
## Questions
Security teams evaluating Revzio can request our detailed documentation under NDA by contacting security@revzio.ai. We're happy to walk through our controls or complete a security questionnaire.