Security & Compliance FAQ Responses
Rewst develops and delivers SaaS products that provide our customers with a Robotic Process Automation platform for automating workflows. Recognizing the need by many of our customers to satisfy vendor due diligence questionnaires, the following responses have been prepared by our security and compliance team.
If you have additional questions, please work with your Rewst point of contact to submit them for a response or contact our security team. To request a copy of the most recent SOC 2 Type 2 audit report, please visit our Trust Center to begin the process.
General Security Program Information
Does your information security program align with industry standards or frameworks?
Do you have a formal Information Security Program in place?
Do you have a formal authorization process that restricts and controls privileged access rights?
Is your Privacy Notice/ Privacy Policy externally available?
Data Handling
Do services provided include processing of company data?
Where is data processed? Do your services involve transfer of information?
How do you encrypt customer data?
Do you have a formal process for the removal of data at the end of the engagement?
Does your organization have a Disaster Recovery Plan?
Does your organization have an Incident Response Plan?
Policies
Are all personnel required to sign Confidentiality Agreements to protect customer information, as a condition of employment?
Are all personnel required to sign an Acceptable Use Policy?
Do you have an access control policy in place?
Security Program Solutions and Vulnerability Management
Is MFA required for employees to log in to production systems?
Does Rewst regularly evaluate patches and updates for your systems, infrastructure, and code vulnerabilities?
How do you ensure code is being developed securely?
Vulnerability Disclosure Program (VDP)
Do you perform logging and monitoring?
Do you have a security awareness training program?
MUTUAL NON-DISCLOSURE AGREEMENT
THIS MUTUAL NON-DISCLOSURE AGREEMENT ("Agreement") is made and entered into as of today's date, between you and the company you represent and Rewst Inc, a Delaware corporation, with its principal place of business located at 17350 Gunn Hwy Odessa, FL 33556 ("Rewst Inc"). By confirming submission of this agreement, you are also confirming that you are authorized to enter into the non-disclosure agreement for the company you are representing.
WHEREAS, the parties desire to commence business discussions with respect to, among other things, (“Purpose”), and in the course of those discussions either party may disclose (“Discloser”) to the other party (“Recipient”) certain Confidential Information (defined below).
NOW, THEREFORE, for and in consideration of the mutual promises contained in this Agreement, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties, intending to be legally bound, do hereby agree as follows:
1. Confidential Information
-
“Confidential Information” shall mean all information and data relating to the Purpose (including the existence of the Purpose and any past, present or future negotiations and/or discussions with respect thereto) and/or to either party’s products, technology, trade secrets, intellectual property rights, confidential information, proprietary information, business or affairs, which shall include without limitation:
- Information in documentary or other tangible form, and is at the time of disclosure expressed to be disclosed in confidence or might reasonably be expected to be so disclosed;
- Information disclosed orally or by demonstration, and is at the time of disclosure designated as being imparted in confidence;
- Information imparted orally or by demonstration, and includes any note or record of the disclosure;
- Non-public information that the Recipient reasonably should have known was Confidential Information;
- All notes, files or other documents or materials, which are based on, contain or otherwise reflect such information and any copies of the foregoing.
-
This Agreement shall not apply to any information which:
- Is or falls into the public domain without breach of this Agreement by the Recipient;
- The Recipient can show from its files and records:
- Was in its possession or known to it prior to receipt from the Discloser;
- Has been developed independently at any time by or for the Recipient;
- Has been received from a third party, without breach by the Recipient, or such third party, of any obligation of confidentiality toward the Discloser.
2. Recipient’s Undertakings
- The Recipient undertakes:
- Not (except as contemplated in Clause 3 below) to disclose the Discloser’s Confidential Information in whole or in part to any third party;
- To use the same only for and to the extent necessary for the Purpose;
- Not to make any commercial use of the same or of any part thereof;
- Not to permit the Discloser’s Confidential Information to go out of its possession, custody or control;
- To immediately inform the Discloser if at any time it has knowledge that Confidential Information has or may come into the hands of third parties other than as permitted in accordance with the terms of this Agreement.
3. Handling of Confidential Information
- The Recipient shall maintain the Discloser’s Confidential Information in strict confidence and shall exercise, in relation thereto, no lesser security measures and degree of care (and in no event, less than a reasonable degree of care) than those which the Recipient applies to its own Confidential Information.
- The Recipient shall ensure that disclosure of Confidential Information is restricted to those of its employees, agents, officers, directors, consultants and professional advisors (“Associates”) to whom such disclosure is necessary for the Purpose, and, except with the prior written consent of Discloser, will not be disclosed by Recipient to any other third party.
- The Associates referred to in Clause 3.2 shall be informed of the confidential nature of the Confidential Information and shall be bound by the obligations contained herein. Recipient shall be liable to Discloser for any action or failure to act by the Associates referred to in Clause 3.2 that would constitute a breach of this Agreement.
- Without the prior written consent of Discloser, Recipient will not disclose to any third party (unless such disclosure is legally compelled) either the fact that the Confidential Information has been made available to such Recipient or the status of any discussions between the parties (all of which shall be considered Confidential Information).
- Notwithstanding anything in this Agreement to the contrary, Recipient may disclose Confidential Information to the extent that such disclosure is required by law, court order, or similar legal process; provided that, unless prohibited by law, Recipient shall give prompt written notice of any such request or requirement to Discloser and cooperate with any reasonable efforts to avoid or minimize such disclosure.
- Copies or reproductions shall only be made for the Purpose and all copies made shall be the property of the Discloser. The Recipient shall return all Confidential Information upon written request and destroy all documentation incorporating any Confidential Information.
4. Property
All Confidential Information submitted by one party to the other shall remain the property of the party from which it originates. Nothing herein contained shall be construed as a grant of any intellectual property rights to the Recipient. Neither party makes any representation or warranty as to the accuracy or completeness of any Confidential Information disclosed by it.
5. Termination
This Agreement shall continue in full force and effect until terminated by mutual consent or thirty (30) days prior written notice. Provisions that by their nature survive termination, including Clauses 2, 3, 4, 7, and 9, shall survive for five (5) years; trade secrets remain protected indefinitely.
6. Non-Assignment
This Agreement is personal to the parties and shall not be assigned without prior written consent, except in connection with mergers or asset sales.
7. Remedies
- No failure or delay in exercising any right under this Agreement shall operate as a waiver.
- Damages may not be adequate; parties are entitled to seek injunction, specific performance, or other equitable relief.
8. Counterparts
This Agreement may be executed in one or more counterparts, including electronic copies, all constituting the same Agreement.
9. Governing Law and Jurisdiction; Attorneys’ Fees
This Agreement shall be governed by the laws of Florida. Parties submit to Hillsborough County courts. Prevailing party may recover costs and attorneys' fees.
10. Severance of Terms
If any provision is unenforceable, it shall be severed and the remainder enforced with reduced scope or term if necessary.
11. English Language
The parties agree that this Agreement be drafted in English only.
12. Notices
Notices must be in writing, delivered by hand, mail, or courier. Parties may change addresses by written notice.