Enterprise Trust Security Practices
Overview
At Rizkly, serving as your compliance partner with expert advisory and a secure operating platform is our most important job. Rizkly expert advisors who review your information and correspond with your team members treat your data with an abundance of care and concern. The Rizkly cloud application was built from the ground up with strict security requirements and operational processes to secure your data, give you control of user access, and provide you with methods to safely share information inside and outside of your organization.
Data Center & Redundancy
We work with top-tier hosting partners to ensure that you can deliver services to your organization confidently on a platform you can trust. We have data redundancy and hosting at AWS facilities. These facilities have biometric scanning protocols, continuous surveillance, and 24x7 production environment management. Rizkly runs on a high-availability platform that protects the Rizkly application against common web exploits that may affect availability or compromise security. Our advanced network protection system lets us control how traffic reaches Rizkly and uses security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out unusual traffic patterns.
Data Security
We build security into our product to ensure that your most valuable asset—your data—is protected. We use strong, encrypted passwords and leverage role-based access. We employ firewalls with robust rules to further reduce unwanted requests. Tenant databases are isolated to provide further protection. We partner with third-party security professionals to conduct security assessments. Leveraging NIST standards, we conduct quarterly administrative access reviews. Our multi-layer data access permissions enable partner security and include policy and procedure review.
Encryption
Encryption serves as the last and strongest line of defense in a multilayered data security strategy. The Rizkly app uses encryption to safeguard your data and help you maintain control over it. We also use encryption for system connection information to further protect integrity at the system level. Here’s what you can rely on from Rizkly:
- All data durably stored with industry-standard ciphers
- Proven transport layer security (TLS) technology from the most trusted providers
- AES-256 at-rest encryption
- Amazon’s S3 and RDS services to encrypt, store and serve uploaded files
Operational Management
We have implemented policies and procedures designed to ensure that your data is secure and backed up on the AWS cloud. Our production ops team monitors the Rizkly platform, responds to system-wide performance changes and optimizes resource utilization to ensure consistent experiences for customers. We are continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access or unplanned downtime of your Rizkly subscription service. Access to Rizkly production systems and data is limited to authorized members of the tech ops team in the US and Mexico.
Cybersecurity Compliance
As our customers operate in diverse sectors including US Government, US Defense, Healthcare and Financial Services, we made a corporate decision to pursue compliance with the FedRAMP Moderate Baseline. FedRAMP is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. Rizkly chose FedRAMP because it is universally considered the ‘high bar’ for demonstrating a strong cloud security posture. As part of our efforts, Rizkly has selected and deployed on a best-in-class FedRAMP Authorized Infrastructure as a Service (IaaS). Our current plan is to be fully compliant with the FedRAMP Moderate Baseline before the end of CY 2023. In advance of this milestone, we are always willing to engage in more detailed conversations with our clients and prospects and provide additional insights into our security and compliance posture.
Contacting Us
If you have questions or concerns, please contact Rizkly at: rizklysales@rizkly.com or 12110 Sunset Hills Road, Suite 600, Reston, VA USA 20190.
Effective as of January 2023
Questions about FedRAMP, OSCAL and where you stand?
We will give you a call to discuss your needs and demonstrate why Rizkly is the right model for FedRAMP success.
Under 50 employees? Register for our CMMC Starter package.
Specially priced for small businesses that need to address 800-171 and SPRS scoring now and CMMC later.
Rizkly experts will advise, guide and review hardware and software technology changes to ensure that they address specific compliance controls, but we do not perform the actual implementation work. Over the years, we have developed a trusted ecosystem of partners who offer effective and affordable solutions to expedite remediation of security and compliance gaps. We will gladly refer you to appropriate partners if and when the need arises. Creating policies, procedures and other artifacts is also a key part of compliance remediation efforts, and these are activities that our advisors do perform using powerful Rizkly features for policies and procedures.
Rizkly cybersecurity compliance advisors will work with you through the entire lifecycle of your compliance initiative. We will scale our involvement up or down depending on your specific needs, and we define that involvement together with you in the early stages of the project. Typical project activities include:
- Gain an understanding of your business, your clients, your system(s), and your anticipated compliance requirements
- Educate your team members on compliance requirements, how to leverage the Rizkly app and what will be expected throughout the effort
- Develop the system ‘boundary’, and what will be in scope for compliance purposes
- Draft a system architecture diagram that clearly depicts the system boundary
- Review existing documentation and work with your team members to understand system and process specifics
- Perform a high-level gap assessment to determine what controls are in place and operating effectively, and where there are gaps
- For each gap, determine a detailed plan of action to remediate
- Collaborate as needed with personnel (staff and/or your vendors) during remediation
- Provide advisory support, develop documentation, design controls, review evidence, audit prep, etc.
- Ensure that all artifacts and control implementation statements are effectively captured in Rizkly
- Educate your team on how to leverage Rizkly to generate audit-ready documentation such as SSPs, POAM reports and SPRS scoring
- Post-remediation, ensure that all controls are in place and operating effectively
