Data Security & Confidentiality Policies
Last Updated: 2026-04-28
ReVisionz is committed to protecting the confidentiality, integrity and availability of client information. We apply layered security controls, structured access governance and disciplined operational practices across all delivery environments. Our approach reflects the responsibility entrusted to us by our clients and aligns with recognized cybersecurity frameworks.
Security Governance Approach
ReVisionz applies a defense-in-depth model. Security controls span infrastructure, access management, workforce governance and operational oversight rather than relying on a single safeguard.
All client engagements are governed by non-disclosure agreements and contractual confidentiality obligations. Access is granted based on defined business need and reviewed throughout the engagement lifecycle.
Infrastructure & Hosting
ReVisionz delivery environments are hosted within Microsoft Azure that enforces 2 factor authentication for all users. These servers do not have external access enabled, and cannot be accessed outside our network.
Client environments are logically separated and secured using role-based access controls. Systems are protected through secure authentication protocols, including multi-factor authentication.
Applications operating within these environments are password protected and monitored under enterprise cloud security standards.
Where necessary, limited client information may be used within these environments to support specific delivery activities. In most cases, work is performed within client-managed environments.
Access Management
ReVisionz follows least-privilege principles. Access is assigned based on client, role and tool.
Users working on one client engagement do not have access to other client environments. Within each engagement, permissions are restricted to approved business needs.
Access rights are reviewed periodically and revoked when engagements conclude or personnel transition off projects.
Data Handling & Lifecycle Controls
Client environments are actively managed throughout the engagement lifecycle.
Infrastructure usage is reviewed regularly. Systems and associated storage are decommissioned when no longer required.
Demonstration environments use vetted and approved data only. Proprietary client information is not reused across engagements and is not included in demonstrations or marketing materials.
Where necessary, limited client information may be used within controlled environments to support delivery activities such as testing or validation.
Where highly sensitive information is involved, additional confidentiality controls may apply.
Workforce Security & Device Controls
ReVisionz recognizes that workforce awareness is essential to cybersecurity.
All employees and contractors participate in recurring cybersecurity awareness training focused on secure handling of sensitive information and phishing prevention.
Corporate devices are centrally managed and monitored. Administrative privileges are restricted and software installation requires approval. Contractors are contractually required to comply with ReVisionz IT and data handling policies.
Compliance & Oversight
ReVisionz aligns its security posture with the National Institute of Standards and Technology (NIST) cybersecurity framework. Controls are maintained to support continued alignment.
A third-party IT provider supports monitoring, security oversight and continuous improvement of infrastructure and controls.
Internal IT security and acceptable use policies govern how systems and data are handled and are reviewed periodically.
Project Platform Standards
Third-party project and work management platforms used in delivery must meet defined enterprise security standards.
Each client engagement operates within a dedicated workspace with controlled access. Approved platforms must support encryption, authentication controls and activity logging appropriate for enterprise use.
Clients retain ownership of their data at all times.
Working Within Client Environments
In most cases, ReVisionz works directly within client-provided environments using client-managed credentials and access controls. This approach maintains data within the client’s established security perimeter and under their governance.
What We Do Not Do
ReVisionz does not share client data across clients, use confidential client data in demonstrations or marketing, retain access after it is no longer required or bypass client IT or security processes.
Stakeholders
ReVisionz works with client IT, security and legal teams to align data access models and controls with organizational requirements.
Frequently Asked Questions
Yes. ReVisionz works with client IT, security and legal teams during vendor onboarding and project initiation and can provide documentation describing our security practices.
Client environments, collaboration spaces and permissions are segregated by engagement. Personnel working on one client do not have access to other client environments.
Access is revoked when personnel transition off projects. Environments and infrastructure are reviewed and decommissioned when no longer required.
No. Clients retain full ownership of their data. ReVisionz uses client information only to deliver the agreed services.
Yes. Many engagements are delivered within client-provided environments using client-managed credentials and systems.
Yes. Additional confidentiality measures or access restrictions can be implemented when projects involve highly sensitive information.
Some projects use enterprise collaboration or work management platforms that must meet defined security and access control standards.
Clients can raise questions with their ReVisionz project lead.