At Rewind, security is our top priority. Our customers trust us with their data and we take that responsibility seriously. Rewind’s commitment to security management includes policies, practices, controls, risk management, employee education, incident reporting, and reviews that address and reduce risk.
Rewind’s approach to security is multifaceted. All Rewinders are responsible for upholding the highest standards of security and data protection, we have an elite Trust Team that implements and operationalizes security best practices, and our VP oversees the information security program.
- Information Security Policies
- Information Security Policies are reviewed annually.
- Security training and awareness
- Rewind conducts quarterly security training and conducts ongoing awareness campaigns.
- Vendor risk management
- Rewind ensures that the use of vendors does not create an unacceptable potential for risk for Rewind and its valued customers.
- Data encryption
- All data at rest in our databases, cache services, or other data stores is encrypted using standard AWS encryption mechanisms – typically AES 256.
- For data in transit across the network, all communication takes place using HTTPS (encrypted) connections. We use a certificate with a 2048 bit key size on all of our Rewind endpoints and certificates are rotated regularly.
- Least privilege
- Access to systems is restricted to individuals who have a need-to-know such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.
- Vulnerability Scans
- Scans are performed regularly on Rewind applications to ensure any vulnerabilities are identified and remediated.
- Penetration Tests
- Pen tests are performed annually by an independent third-party.
- Multi Factor Authentication
- MFA provides an additional layer of security beyond your username and password.
- User Activity Logs
- Customers are able to request and download user access logs from within the application.
- User Access Levels
- Assign business owner user access levels and employee access levels.
Potential customers can request more information by visiting the Security Portal.