Policies¶
Revzio maintains a management-approved, version-controlled set of information security and data privacy policies. Each is owned by a named role, reviewed at least annually (or on significant change), and approved through documented review.
The full text of each policy is shared with customers and auditors under NDA — see how to request documents. The list below is the public index of what we hold.
| # | Policy | What it covers |
|---|---|---|
| 00 | Information Security Policy (master) | The overarching security program, governance, roles, and scope. |
| 01 | Data Privacy & Protection Policy | How personal data is collected, processed, retained, and protected; data-subject handling. |
| 02 | Access Control Policy | Least-privilege access, provisioning/deprovisioning, periodic access reviews. |
| 03 | Password & Authentication Policy | Password strength, authentication, and account-protection requirements. |
| 04 | Encryption & Key Management Policy | Encryption in transit and at rest; key management. |
| 05 | Data Retention & Disposal Policy | Retention schedules and secure disposal of data. |
| 06 | Acceptable Use Policy | Acceptable use of company systems and data. |
| 07 | BYOD & Endpoint Security Policy | Endpoint and bring-your-own-device security standards. |
| 08 | Vulnerability Management Policy | Vulnerability scanning, remediation SLAs, and assessment cadence. |
| 09 | Network Security Policy | Network segmentation, edge controls, and secure configuration. |
| 10 | Logging & Monitoring Policy | What is logged, retention, and monitoring. |
| 11 | Third-Party / Vendor Risk Management Policy | Subprocessor onboarding review and ongoing vendor risk management. |
| 12 | Change Management Policy | How changes are reviewed, approved, and released. |
| 13 | Secure SDLC Policy | Security in the software development lifecycle, including dependency review. |
| 14 | HR Security Policy | Personnel security: roles, screening, agreements, and offboarding. |
| 15 | Security Awareness & Training Policy | Security awareness training and tracking. |
| 16 | Asset Management Policy | Asset inventory and ownership. |
| 17 | Threat Intelligence Policy | How threat intelligence is gathered and acted on. |
| 18 | Incident Response Plan | How security incidents are detected, triaged, and handled. |
| 19 | Business Continuity & Disaster Recovery Policy | Continuity and recovery objectives and testing. |
| 20 | Subprocessor Register | The current list of subprocessors — see the Subprocessors page. |
Note
This index mirrors the internal policy set. It intentionally describes what each policy covers rather than reproducing the policy text, which is shared under NDA.