Enterprise Trust Security Practices

Overview

At Rizkly, serving as your compliance partner with expert advisory and a secure operating platform is our most important job. Rizkly expert advisors who review your information and correspond with your team members treat your data with an abundance of care and concern. The Rizkly cloud application was built from the ground up with strict security requirements and operational processes to secure your data, give you control of user access, and provide you with methods to safely share information inside and outside of your organization.

Data Center & Redundancy

We work with top-tier hosting partners to ensure that you can deliver services to your organization confidently on a platform you can trust. We have data redundancy and hosting at AWS facilities.   These facilities have biometric scanning protocols, continuous surveillance, and 24 X 7 production environment management.  Rizkly runs on a high availability platform which protects the Rizkly application against common web exploits that may affect availability or compromise security.  Our advanced network protection system lets us control how traffic reaches Rizkly and uses security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out unusual traffic patterns.

Data Security

We build security into our product to ensure that your most valuable asset—your data—is protected. We use strong, encrypted passwords and leverage role-based access.  Tenant databases are isolated to provide further protection.  We partner with third-party security professionals to conduct security assessments.  Leveraging NIST standards, we conduct quarterly administrative access reviews. Our multi-layer data access permissions enables partner security and  includes policy and procedure review.

Encryption

Encryption serves as the last and strongest line of defense in a multilayered data security strategy.  The Rizkly app uses encryption to safeguard your data and help you maintain control over it.  We also use encryption for system connection information to further protect the integrity at the system level.  Here’s what you can rely on from Rizkly: all data durably stored with industry standard ciphers, proven transport layer security (TLS) technology from the most trusted providers, AES 256 at-rest encryption, Amazon’s RDS service to encrypt, store and serve uploaded files.

Operational Management

We have implemented policies and procedures designed to ensure that your data is secure and backed up on the AWS cloud. Our production ops team monitors the Rizkly platform, responds to system-wide performance changes and optimizes resource utilization to ensure consistent experiences for customers.  We are  continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access or unplanned downtime of your Rizkly subscription service. Access to Rizkly production systems and data is limited to authorized members of the tech ops team in the US and Mexico.

Continuous Improvement

As our customers operate in the commercial, US Government and US Defense sectors,  we made a decision to achieve compliance with the FedRAMP Moderate baseline requirements.  With this decision, we began efforts at the beginning of 2020 to evaluate FedRAMP-compliant managed platform-as-a-service (PAAS) offerings.  In March we selected a FedRAMP Authorized Platform as a Service vendor and are now progressing on both FedRAMP-compliant platform and FedRAMP Moderate control requirements.  With  completion of these efforts targeted by July,  we will be positioned for SOC2 and CMMC Level 3 compliance.  Your Rizkly expert will gladly answer any questions regarding our certification status.

Contacting Us

If you have questions or concerns, please contact Rizkly at: rizklysupport@rizkly.com or 9812 Falls Road, Potomac, Maryland 20854 Suite 214-211.

Effective as of March 2020

Questions about CMMC and where you stand?  

We will pick up the phone and give you a call to discuss your needs. 

Schedule a CMMC Planning Discussion