title: "Third-party vendor assessment report: Redivis"
author: "Adam Richie-Halford"
lang: "en"
date: "2024-10-12"
...

ROAR Third-Party Vendor Assessment Report

Vendor: Redivis
Assessor: Adam Richie-Halford, ROAR Information Security Officer

Overview

Redivis is a data management and analytics platform used by universities and research institutions for secure data storage, processing, and sharing. This assessment evaluates Redivis's compliance with recognized industry standards and verifies its suitability as a third-party vendor for processing ROAR data.

Certifications and Compliance

  • SOC 2 Type II: Redivis is SOC 2 Type II certified, demonstrating adherence to robust controls related to security, availability, processing integrity, confidentiality, and privacy. This certification confirms that Redivis has effectively implemented measures to protect sensitive data from unauthorized access.

  • HIPAA and FedRAMP Compliance: Redivis is built on top of Google Cloud Platform services that are HIPAA and FedRAMP compliant.

The SOC 2 Type II reports and details on FERPA compliance can be requested directly from Redivis for verification. Further information is available at the Redivis security page.

Security Practices

  • Data Encryption: Redivis uses strong encryption standards, such as AES-256, for data at rest and TLS for data in transit. This protects data throughout its lifecycle.

  • Access Management: Redivis employs role-based access controls to ensure that only authorized users can access specific data sets. Multi-factor authentication (MFA) is also available to enhance account security.

  • Incident Response: Redivis has an incident response plan in place, with monitoring and procedures for detecting, analyzing, and responding to security incidents promptly.

Conclusion

Redivis meets the security requirements for processing sensitive research data. Its SOC 2 Type II certification and compliance with HIPAA and FedRAMP make it a suitable platform for storing and analyzing ROAR data.