Security

Rewst develops and delivers SaaS products that provide our customers with a Robotic Process Automation platform for automating workflows. In addition to providing world-class software solutions for our customers, we are committed to ensuring industry best practices are in place to secure our platform. Our information security and engineering teams have implemented cybersecurity best practices across the organization, including data security, secure development and infrastructure, and maintaining a secure workforce. These are just some of the core cybersecurity components that provide our customers with the assurance that our platform is secure.

SOC 2 Type 2

As part of our commitment to building a secure environment, Rewst has achieved SOC 2 Type 2 compliance. This process includes a third-party audit to verify that our reported security controls are in place. Our SOC 2 controls are in place to secure our platform, maintain confidentiality, and ensure that our platform will be available when our customers need it.

Data Privacy and Security

Our world today runs on data. Rewst implements comprehensive data security controls to protect customer data and privacy. In addition to our SOC 2 Type 2 certification, Rewst is GDPR compliant and has been audited by a third-party to verify our compliance with these data protection and privacy regulations. We maintain strict data privacy controls to protect customer data and ensure regulatory compliance. More detailed information about our privacy practices is available in our Privacy Policy rewst.io/privacy-policy and through our Trust Center rewst.io/trust.

• Audited for GDPR Compliance
• Data encrypted at-rest and in-transit
• Role-based access control (RBAC)
• Principle of least privilege

Secure Development

We recognize the need for a secure development lifecycle that incorporates security-by-design principles to ensure robust application security. Our security and engineering teams have integrated secure coding practices into the company’s CI/CD pipeline. This includes DevSecOps tooling like static and dynamic security testing, and an in-depth QA code review process to identify and remediate security issues before deployment into production. We also maintain a formal Vulnerability Disclosure Program (VDP) that provides security researchers with a clear process to report potential vulnerabilities.

• CI/CD pipeline security with automated security testing
• Dependency scanning and vulnerability management
• Integrated DevSecOps practices
• QA Code Review Team

Secure Application and Infrastructure

Rewst’s automation platform is hosted on AWS infrastructure, and leverages industry-leading cloud infrastructure security capabilities, including isolated data hosting, continuous logging and monitoring, and vulnerability detection.

We also conduct intensive penetration testing on a regular cadence, including OWASP testing, and regular risk assessments. Our internal security and engineering teams maintain continuous security monitoring solutions to identify vulnerabilities and implement remediation based on contextual severity. This multi-layered approach ensures our automation platform maintains the highest security standards for our MSP customers.

• Continuous vulnerability scanning
• Logging and monitoring solution
• Pentesting, including OWASP
• Static application security testing (SAST)
• Dynamic application security testing (DAST)
• Vulnerability Disclosure Program (VDP)

Secure Workforce

Rewst’s commitment to security extends across our entire team. All of our employees undergo continuous security awareness training, including internal phishing campaigns to maintain vigilance against social engineering attacks. We control access to data and systems, based on the employee’s roles, and have multi-factor authentication (MFA) and secure password management tools in place. Our leadership team also includes multiple CISSP certified professionals, many with direct MSP backgrounds and extensive cybersecurity experience. Short story – we understand the unique security challenges facing our MSP customers today.

• Employee Device Encryption
• Secure Password Management
• Multi-Factor Authentication (MFA)

Request More Information

View our Trust Center rewst.io/trust for more information, including accessing our SOC 2 Type 2 report, and in-depth information packet on our security program.

If you have additional questions, please work with your Rewst point of contact to connect you with the right person or contact our security team directly at security@rewst.io.