Security Statement

Introduction

Re4m’s commitment is to provide the best and most secure creative production system to every customer, regardless of their size. We use Re4m internally every day to deliver great work, faster and with more accuracy. Ensuring Re4m remains secure is vital to protecting our own data, and protecting your work is our highest priority.

Our security strategy covers all aspects of our business, including:

  • Re4m corporate security policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our system architecture
  • Collaborating with third-party security industry experts
  • Data model access control in Re4m
  • Systems development and maintenance
  • Service development and maintenance

Corporate Security Policies & Procedures

Every Re4m employee signs a Data Access Policy that binds them to the terms of our data confidentiality policies (see our privacy policy at Re4m.io/privacy-policy). Access rights are based on each employee’s job function and role and are regularly reviewed for refinement.

Security in Our Software Development Lifecycle

All changes to Re4m’s code base go through a suite of automated tests, in addition to manual reviews. When code changes pass the automated testing system, they are first pushed to a staging server, where Re4m engineers test them further before an eventual release to production servers and our customer base. We also undertake customized security reviews for particularly sensitive changes and features. Re4m engineers can also act on critical updates and push them immediately to production servers in the form of a software patch.

In addition to a list where all access control changes are published, we have a suite of automated tests that check that access control rules are written properly and enforced as expected.

Code Review

All components developed at Re4m are peer-reviewed by the product team to ensure security, performance, and adherence to the company’s principles and commitments.

OWASP Compliance

The Open Web Application Security Project (OWASP) is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. Started in 2001 as a non-profit organization, its foundation has contributed to a wide range of publications.

Re4m has embraced relevant OWASP recommendations, and in order to comply with them, the Re4m engineering team tests against these critical vulnerabilities during each release, ensuring the product is secure.

Infrastructure & Data Center Security

Data Centers

Re4m hosts with Amazon Web Services. Amazon employs a robust physical security program with multiple certifications, including SOC 1 & 2. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Network Security

Our production networks are segmented to separate public services from internal services. Access to our production networks is controlled through a VPN. We monitor and remediate any potentially unsafe network configurations, such as open security groups.

Intrusion Detection

Re4m uses a best-in-class intrusion detection system and vulnerability management services.

Data Encryption

Re4m protects data using strong encryption. We never store passwords in clear text – they are always hashed and salted securely using bcrypt. Bcrypt is a proven algorithm and is considered one of the best choices for password storage.

Data is encrypted both at rest and in motion, and all network communication uses TLS with at least 128-bit AES encryption.

Qualys SSL Labs scored Re4m’s TLS configuration an A on its SSL Server Test, and we regularly monitor this score.

Architecture & Scalability

Scalability/Reliability Of Architecture

Re4m has been designed from the outset with redundancy at multiple levels. Re4m uses Amazon Web Services to deliver our application and manage user data, which also provides sophisticated redundancy to mitigate risks arising from individual server or disk failures.

Backup Strategy

Re4m has defined a mature approach to ensure that its information and data are backed up securely and frequently and that restoration occurs in the most timely and efficient manner possible.

Re4m uses MongoDB Atlas (a leading Database-as-a-Service provider) for the storage of data.

The database instance and customer files are replicated synchronously so that we can quickly recover from a failure.

Product Security Features

Administrator Management Features

  • User Management – Administrators can see User/Collaborator status, and de-provision users from a central administration interface.
  • Authentication – Re4m allows named users to authenticate via Google Accounts and Salesforce Accounts, or to set up SAML. If passwords are stored directly with Re4m, we secure them using salted bcrypt.

User Features

  • Privacy, Visibility, & Sharing Settings – Customer administrators determine who can access different areas within the Re4m application. Access to a Re4m instance is based on predefined user assignments (roles). You can limit a user’s access by giving them the role of a “Reviewer” or by inviting them as a Collaborator.

Privacy

Privacy Policy

Re4m’s privacy policy, which describes how we handle data input into Re4m, can be found at https://www.Re4m.io/privacy-policy

Availability

We are committed to making Re4m consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Want to report a security concern?

Email us at support@re4m.io.

Last Revised:  15th March 2021