
Global Data  

Master Your GRC Landscape. An interactive hub to explore global compliance standards and the Revyz toolkit that powers them.

Compliance

Enabling Compliance Across Industries

Banking
Oil & Gas
Public Sector
Utilities
Education
Shipping
Defense
Technology
Automobile
Manufacturing
Retail
E-Commerce
Finance

Compliance Frameworks

GDPR / UK GDPR

Relevant Articles/Controls: Art. 5, 17, 30, 32

Regulation on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

How Revyz Helps

Art. 32 (Security): Backup & Restore.
Art. 17 (Erasure): Issue Deletion Log.
Art. 30 (Records): Audit Logs Backup.
 

Region: European Union & UK

All Global Finance Healthcare

ISO/IEC 27001

Relevant Articles/Controls: Annex A: A.8.13, A.8.15, A.5.18

An international standard on how to manage information security via an Information Security Management System (ISMS).

How Revyz Helps

A.8.13 (Backup): Backup & Restore.
A.8.15 (Logging): Audit Logs Backup.
A.5.18 (Access Review): User License Insights.
 

Region: Global

All Technology Finance Healthcare Global

SOC 2

Relevant Articles/Controls: Security, Availability, Confidentiality, Processing Integrity, Privacy

An auditing standard for service organizations, which specifies how organizations should manage customer data based on five 'trust service principles.'

How Revyz Helps

Revyz helps address key criteria:
Security: Config Manager & Drift Analyzer monitor for unauthorized changes, while Audit Logs Backup secures evidence for monitoring controls.
Availability: Backup & Restore ensures data is available and recoverable, directly supporting the availability principle.
 

Region: Global

Technology SaaS Cloud Computing

SOX (Sarbanes-Oxley Act)

Relevant Articles/Controls: Sections 302 & 404

A US federal law that mandates certain practices in financial record keeping and reporting for all U.S. public companies.

How Revyz Helps

Sec 302/404 (Internal Controls): Config Manager provides an auditable trail for IT changes, and Audit Logs Backup secures evidence of control operations.
 

Region: United States

All Public Companies

COBIT

Relevant Articles/Controls: Control Objectives (e.g., BAI04, DSS05)

A framework for the governance and management of enterprise information and technology (I&T).

How Revyz Helps

Change Control & Monitoring: Config Manager supports change control objectives. Backup & Restore addresses data availability. Audit Logs Backup provides evidence for monitoring controls.
 

Region: Global

All Global

HITRUST CSF

Relevant Articles/Controls: Control Categories

A certifiable security and privacy framework that helps organizations manage data, risk, and compliance.

How Revyz Helps

Data Availability & Access: Backup & Restore supports data availability. User License Insights supports access control. Audit Logs Backup supports logging and monitoring.
 

Region: Global

Healthcare Technology Finance Global

ISO 9001

Relevant Articles/Controls: Clause 7: Support, Clause 8: Operation

The international standard for a quality management system (QMS), focused on meeting customer and regulatory requirements.

How Revyz Helps

Change Management: Config Manager establishes a controlled, auditable change management process, which is fundamental to a Quality Management System.
 

Region: Global

Manufacturing Automobile Shipping Services Global

PCI DSS

Relevant Articles/Controls: Requirements 2, 6, 10

An information security standard for organizations that handle branded credit cards from the major card schemes.

How Revyz Helps

Req 2 (Secure Config): Config Manager & Drift Analyzer.
Req 6 (Change Control): Config Manager.
Req 10 (Logging): Audit Logs Backup for immutable storage.
 

Region: Global

Finance Retail E-commerce Hospitality

CCPA / CPRA

Relevant Articles/Controls: Right to Delete, Security Procedures

A state statute intended to enhance privacy rights and consumer protection for residents of California, United States.

How Revyz Helps

Right to Delete: Issue Deletion Log provides proof of data erasure.
Reasonable Security: Backup & Restore ensures data integrity and availability.

 

Region: California, USA

All Global

CMMC

Relevant Articles/Controls: Based on NIST SP 800-171

A framework to ensure Department of Defense (DoD) contractors properly protect sensitive information.

How Revyz Helps

Data Recovery & Monitoring: Backup & Restore (for data recovery), Config Manager (for configuration control), and Audit Logs Backup (for monitoring) are foundational for meeting CMMC controls.
 

Region: United States

Aerospace Defense Government Contracting

FedRAMP

Relevant Articles/Controls: Based on NIST SP 800-53

A US government program providing a standardized approach to security for cloud products and services.

How Revyz Helps

Contingency & Config Mgmt: Provides key controls for Incident Response (IR), Contingency Planning (CP) via Backup & Restore, and Configuration Management (CM) via Config Manager.
 

Region: United States

Technology Cloud Computing

FINRA Rules

Relevant Articles/Controls: Rule 4511 & 3110; SEA Rule 17a-4

Rules governing the activities of all registered broker-dealer firms and registered brokers in the U.S. to protect investors and market integrity.

How Revyz Helps

Rule 4511 & 17a-4 (Records): Audit Logs Backup meets WORM retention rules.
Rule 3110 (Supervision): Config Manager provides version-controlled history.
 

Region: United States

Finance Banking Securities

FISMA

Relevant Articles/Controls: Based on NIST publications

A US law requiring federal agencies to implement an agency-wide program for information security.

How Revyz Helps

Contingency & Monitoring: Backup & Restore aligns with contingency planning. Config Manager helps maintain secure baselines. Audit Logs Backup supports continuous monitoring.
 

Region: United States

All Public Sector Government Contracting

HIPAA

Relevant Articles/Controls: Security Rule §164.308, §164.312

A US federal law designed to protect sensitive patient health information (PHI) from being disclosed without the patient's consent or knowledge.

How Revyz Helps

§164.308 (Disaster Recovery): Backup & Restore.
§164.312 (Access Control): User License Insights.
§164.312 (Audit Controls): Audit Logs Backup.
 

Region: United States

Healthcare Health Technology

NERC CIP

Relevant Articles/Controls: CIP-007, CIP-010

A set of requirements designed to secure the assets required for operating North America's bulk electric system.

How Revyz Helps

CIP-007 (System Monitoring): Audit Logs Backup secures critical logs.
CIP-010 (Change Control): Config Manager & Drift Analyzer manage and monitor configuration changes.
 

Region: North America

Energy Utilities Oil & Gas

NIST CSF

Relevant Articles/Controls: Core Functions

A voluntary framework of standards, guidelines, and best practices to manage cybersecurity risk.

How Revyz Helps

Recover: Backup & Restore.
Protect: Config Manager & User License Insights.
Detect/Respond: Audit Logs Backup.
 

Region: United States (Global adoption)

All Critical Infrastructure Public Sector

UK NCSC Cyber Essentials

Relevant Articles/Controls: Five Technical Controls

A UK government-backed scheme that helps organizations protect themselves against a whole range of the most common cyber attacks.

How Revyz Helps

Core Controls: Backup & Restore, User License Insights, and Config Manager address core controls for data protection, access, and secure configuration.
 

Region: United Kingdom

All Public Sector Defense

NHS Data Security and Protection Toolkit (DSPT)

Relevant Articles/Controls: 10 Data Security Standards

A self-assessment tool for healthcare organizations in the UK to measure performance against the National Data Guardian's 10 data security standards.

How Revyz Helps

Data Access & Continuity: Audit Logs Backup provides immutable trails of data access, and Backup & Restore ensures data can be recovered after an incident.
Access Management: User License Insights helps manage and review user access rights regularly.
 

Region: United States

Healthcare Public Sector

APPI

Relevant Articles/Controls: General Principles

Japan's primary data protection regulation for handling personal information.

How Revyz Helps

Data Integrity: Backup & Restore ensures data integrity.
Access Management: User License Insights helps manage access.
Erasure Proof: Issue Deletion Log provides proof of data erasure.
 

Region: Japan

All Global

Australia Privacy Act 1988

Relevant Articles/Controls: The 13 APPs

The Australian Privacy Principles (APPs) outline how most Australian government agencies and some private sector organisations must handle personal information.

How Revyz Helps

Data Integrity: Backup & Restore ensures data integrity.
Access Management: User License Insights helps manage access.
Erasure Proof: Issue Deletion Log provides proof of data erasure.
 

Region: Australia

All Public Sector

Personal Data Protection Act (PDPA)

Relevant Articles/Controls: Sections 24, 25, 26

Singapore's primary data protection law governing the collection, use, disclosure, and care of personal data.

How Revyz Helps

Protection & Retention: The Revyz toolkit provides 'reasonable security arrangements' through layered defense (Config Manager, Drift Analyzer, Audit Logs) and supports retention limits by identifying inactive accounts (User License Insights) and providing proof of erasure (Issue Deletion Log).
 

Region: Singapore

All Global Finance Insurance

UAE PDPL

Relevant Articles/Controls: Art. 5, 7, 10

The UAE's federal data protection law, governing the processing of personal data within the United Arab Emirates.

How Revyz Helps

PDPL Art. 7 (Controller Obligations): The applet suite provides a comprehensive framework of technical measures, from preventive (Config Manager) to detective (Config Drift Analyzer) and recovery (Backup & Restore).
PDPL Art. 10 (Breach Notification): Audit Logs Backup provides the detailed, verifiable information required to understand the nature of a breach and form the basis of the notification report.
 

Region: United Arab Emirates

Oil & Gas All Global

LGPD

Relevant Articles/Controls: Art. 6, 18, 46

The general data protection law of Brazil, governing the processing of personal data.

How Revyz Helps

Art. 46 (Security): Backup & Restore.
Art. 18 (Erasure): Issue Deletion Log.
Art. 6 (Records): Audit Logs Backup.
 
 

Region: Brazil

All Global

PIPEDA

Relevant Articles/Controls: Principle 4.7 (Safeguards)

The federal privacy law for private-sector organizations in Canada.

How Revyz Helps

Principle 4.7 (Safeguards): Backup & Restore ensures data is protected against loss.
Data Erasure: Issue Deletion Log provides proof that data has been properly destroyed.
 
 

Region: Canada

All Global

Compliance Frameworks

GDPR/UK GDPR

Regulation on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

How Revyz Helps

  • Art. 32 (Security): Backup & Restore
    Revyz provides an essential technical measure by enabling robust backup and restore of personal data. This ensures you can rapidly recover information after an incident like a ransomware attack or accidental deletion, fulfilling the core requirement to maintain data availability and integrity.

  • Art. 17 (Erasure): Issue Deletion Log
    To prove compliance with the 'Right to be Forgotten,' organizations need a record of their actions. Revyz generates an immutable Deletion Log, which serves as a verifiable audit trail to demonstrate to regulators that an individual's data erasure request was successfully fulfilled.

  • Art. 30 (Records): Audit Logs Backup
    This article requires detailed records of processing activities (ROPA). By securely backing up audit logs, Revyz preserves a complete and tamper-proof history of all data handling, providing the critical information needed for regulatory audits and for accurately maintaining your ROPA documentation.

Region: European Union & UK
Industries: All

 

Non-Compliance Repercussions

Fines up to €20 million or 4% of total annual worldwide turnover.


ISO/IEC 27001

Relevant Articles/Controls: Annex A: A.8.13, A.8.15, A.5.18

An international standard on how to manage information security via an Information Security Management System (ISMS).

How Revyz Helps

Revyz provides practical tools that align directly with specific security controls listed in ISO 27001's Annex A, helping organizations implement and prove their compliance.

  • A.8.13 (Backup): Backup & Restore
    This control requires regular backups of information to protect against data loss. Revyz directly fulfills this by providing automated, secure backups and a tested restore capability, ensuring critical data can be recovered reliably after an incident to maintain business operations.

  • A.8.15 (Logging): Audit Logs Backup
    This control mandates the production and protection of event logs for incident investigation. Revyz's Audit Logs Backup feature preserves a complete, tamper-proof history of user activities, ensuring these crucial records are safe and available for security analysis and forensic review.

  • A.5.18 (Access Review): User License Insights
    This control requires that user access rights are reviewed at regular intervals. Revyz's User License Insights provide administrators with clear visibility into permissions and licenses, simplifying the process of reviewing user access to ensure the principle of least privilege is maintained.

Region: Global
Industries: All

Non-Compliance Repercussions

Loss of business opportunities, reputational damage, breach of contract.


SOC 2

Relevant Articles/Controls: Security, Availability, Confidentiality, Processing Integrity, Privacy

An auditing standard for service organizations, which specifies how organizations should manage customer data based on five 'trust service principles.' A SOC 2 report provides these customers with the crucial assurance that their sensitive information is protected by a robust set of internal controls.

How Revyz Helps

Revyz helps address key criteria:

  • Security:
    This principle requires protecting system resources against unauthorized access. Revyz's Config Manager & Drift Analyzer continuously monitor for unauthorized configuration changes, while the Audit Logs Backup preserves a secure, immutable record of all system activity to prove that monitoring controls are effective.

  • Availability:
    This principle addresses the accessibility of the system as committed to in service level agreements (SLAs). Revyz's Backup & Restore capability is a critical control for availability, ensuring that data can be reliably recovered after an incident to minimize downtime and support business continuity objectives.

Region: Global. While SOC 2 is an American standard, it is globally recognized as a benchmark for security and trust. It is often a requirement for service organizations that want to work with enterprise customers in North America and around the world, serving as a key differentiator in the market.

Industries: Technology, SaaS, and Cloud Computing. SOC 2 is especially critical for SaaS providers, cloud computing platforms, and other technology companies that store or process customer data.

Non-compliance: Loss of customer trust, inability to win enterprise deals, breach of contract.



SOX (Sarbanes-Oxley Act)

Relevant Articles/Controls: Sections 302 & 404

A US federal law that mandates certain practices in financial record keeping and reporting for all U.S. public companies. Revyz provides essential tools that help companies establish and prove the effectiveness of their IT General Controls (ITGCs), which are fundamental to SOX compliance.

How Revyz Helps

Revyz helps address key criteria:

  • Sec 302/404 (Internal Controls): Config Manager provides an auditable trail for IT changes, and Audit Logs Backup secures evidence of control operations. These sections require executives to certify the accuracy of financial reports and the effectiveness of internal controls. 

    Revyz's Config Manager provides a detailed, auditable trail of all changes to critical IT systems, while the Audit Logs Backup secures immutable evidence of these controls, supporting management's assertions to auditors.

SOX audits rely heavily on verifying IT General Controls, such as logical access control, segregation of duties, and system configuration management.

Region: United States

Industries: Public Companies 

Non-compliance repercussions: SOX non-compliance leads to severe repercussions for companies and executives, including multi-million dollar fines, delisting from stock exchanges, and prison sentences of up to 20 years for certifying fraudulent financial reports.

 


COBIT

Relevant Articles/Controls: Control Objectives (e.g., BAI04, DSS05)

A framework for the governance and management of enterprise information and technology (I&T). Developed by ISACA, it provides a comprehensive set of principles, practices, and models to help organizations align their IT strategy with business objectives, manage risk, and extract optimal value from their technology investments.

How Revyz Helps

Revyz provides tools that help implement and prove specific control objectives outlined in the COBIT framework, particularly in the domains of change management, service delivery, and monitoring.

  • Change Control & Monitoring: 
    COBIT requires robust processes for change control, data availability, and security monitoring. Revyz's Config Manager supports change control objectives (like BAI06), Backup & Restore addresses availability (BAI04), and Audit Logs Backup provides the evidence needed for monitoring security services (DSS05).

Region: Global

Industries: All

Non-compliance repercussions: Poor IT governance, leading to increased security risks, operational inefficiencies, wasted technology investments, and failed audits for mandatory regulations.


HITRUST CSF

Relevant Articles/Controls: Control Categories

The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable security and privacy framework that helps organizations manage data, risk, and compliance. Originally created for the healthcare industry to address HIPAA security requirements, it has since become industry-agnostic. It harmonizes multiple standards and regulations, such as ISO 27001, NIST, PCI DSS, and GDPR, into a single, integrated set of security and privacy controls.

How Revyz Helps

Revyz provides tools that directly support the implementation and evidence collection for several key HITRUST control categories, helping organizations prepare for and maintain certification.

Revyz helps address key criteria:

  • Data Availability & Access:  
    HITRUST mandates specific controls for data availability, access control, and logging. Revyz's Backup & Restore directly supports data availability requirements, User License Insights helps manage and review user permissions for access control, and Audit Logs Backup provides the immutable evidence needed for logging and monitoring controls.

Region: Global

Industries: HITRUST is the de facto standard in Healthcare and is now widely adopted by Technology and Finance companies, as well as any global enterprise seeking a prescriptive and certifiable framework to demonstrate a mature security posture.

Non-compliance repercussion: Failure to achieve HITRUST certification can result in the loss of major contracts, significant competitive disadvantage, and an inability to prove compliance with underlying regulations like HIPAA. 

 


ISO 9001

Relevant Articles/Controls: Clause 7: Support, Clause 8: Operation

ISO 9001 is the world's leading international standard for a Quality Management System (QMS). It provides a framework for organizations to consistently deliver products and services that meet customer and regulatory requirements. The standard is built on several quality management principles, including a strong customer focus, a process-oriented approach, and the drive for continual improvement. 

How Revyz Helps

Revyz helps address key criteria:

  • Clauses 7 & 8 (Support & Operation):
    These clauses require controlled processes and the maintenance of documented information. Revyz's Config Manager provides a systematic and auditable trail for changes to operational workflows managed in IT systems, directly supporting the change control requirements of Clause 8 and helping to protect the integrity of "documented information" as required by Clause 7.

Region: Global

Industries: Manufacturing, Automobile, Shipping, Services, Global

Non-compliance repercussion: 

Failure to maintain ISO 9001 certification can result in the loss of customer confidence, exclusion from tenders and contracts, and an inability to demonstrate a commitment to quality.

 


PCI DSS

Relevant Articles/Controls: Requirements 2, 6, 10

The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard for organizations that handle credit cards from the major card schemes. Version 4.0 is the current standard that all organizations must now adhere to.

How Revyz Helps

Revyz helps address key criteria:

  • Req 2 (Secure Config): Revyz's Config Manager & Drift Analyzer help establish and monitor secure configurations. This ensures system components are not deployed with vendor defaults and that any unauthorized changes from a secure baseline are detected, directly supporting Req 2.2.

  • Req 6 (Change Control): A key part of this requirement is managing all changes to system components. Revyz's Config Manager provides an immutable, auditable record of all configuration changes, supporting the change control processes mandated in Req 6.5.

  • Req 10 (Logging): To ensure accountability and support investigations, audit logs must be protected. Revyz's Audit Logs Backup provides immutable, off-site storage for logs, helping meet Req 10.5, which requires securing audit trails from alteration.

Region: Global

Industries: Finance, Retail, E-commerce, Hospitality

 


CCPA / CPRA

Relevant Articles/Controls: Right to Delete, Security Procedures

A state statute intended to enhance privacy rights and consumer protection for residents of California, United States. 

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is a landmark state statute designed to enhance privacy rights and consumer protection for residents of California. It grants consumers greater control over the personal information that businesses collect about them.

How Revyz Helps

Revyz helps address key criteria:

  • Right to Delete: The law gives consumers the right to request the deletion of their personal information. Revyz's Issue Deletion Log provides an immutable, auditable record of data erasure. This serves as verifiable proof that a business has honored a deletion request, which is critical for demonstrating accountability to both consumers and regulators.

  • Reasonable Security: The CCPA/CPRA requires businesses to implement and maintain "reasonable security procedures and practices." Revyz's automated Backup & Restore capabilities are a cornerstone of a reasonable security posture. By ensuring data integrity and availability, businesses can protect personal information from unauthorized access, destruction, or disclosure, and can recover data in the event of a breach.

Region: California, USA (applies to any business that meets the criteria and handles the data of California residents)

Industries: All 


CMMC

Relevant Articles/Controls: Based on NIST SP 800-171

A framework to ensure Department of Defense (DoD) contractors properly protect sensitive information. Revyz provides tools that are foundational for implementing and proving several security practices required for CMMC certification, helping contractors build a mature and verifiable cybersecurity program.

How Revyz Helps

Revyz helps address key criteria:

  • Data Recovery & Monitoring: 
    CMMC requires robust controls for data recovery, configuration management, and security monitoring. Revyz's Backup & Restore directly supports data recovery practices, Config Manager helps enforce configuration control to prevent unauthorized changes, and Audit Logs Backup secures the evidence needed for continuous monitoring and incident response.

Region: United States

Industries: Aerospace Defense Government Contracting

Non-compliance repercussion: Non-compliance with CMMC requirements makes a contractor ineligible to bid on or be awarded contracts from the Department of Defense, effectively blocking access to the defense supply chain.

 


FedRAMP

Relevant Articles/Controls: Based on NIST SP 800-53

A US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.

How Revyz Helps

Revyz helps address key criteria:

  • Contingency & Config Mgmt: 

    Revyz provides essential controls for Incident Response (IR) and Contingency Planning (CP) through its automated Backup & Restore capabilities. It also supports Configuration Management (CM) requirements with its Config Manager, ensuring system integrity and auditable change tracking.

Region: United States

Industries: Technology, Cloud Computing


FINRA Rules

Relevant Articles/Controls: Rule 4511 & 3110; SEA Rule 17a-4

A framework of rules from the Financial Industry Regulatory Authority (FINRA) and the SEC that governs the activities of all registered broker-dealer firms and brokers in the U.S. to protect investors and maintain market integrity.

How Revyz Helps

  • Rule 4511 & 17a-4 (Records):
    These rules require firms to create and preserve records in a non-rewriteable, non-erasable format (WORM - Write Once, Read Many). Revyz's Audit Logs Backup provides immutable, time-stamped storage for critical records, helping firms meet these stringent data preservation and accessibility requirements.

  • Rule 3110 (Supervision):
    This rule mandates that firms establish and maintain a system to supervise the activities of their personnel. Revyz's Config Manager provides a version-controlled, auditable history of all system configuration changes, giving supervisory personnel the visibility needed to oversee system integrity and security.

Region: United States

Industries: Finance, Banking, Securities
 
Non-Compliance Repercussion:

Non-compliance can lead to significant FINRA and SEC penalties, including substantial fines, business restrictions, and the suspension or revocation of a firm's registration.


FISMA

Relevant Articles/Controls: Based on NIST publications

The Federal Information Security Management Act (FISMA) is a United States federal law that requires federal agencies to develop, document, and implement an agency-wide program to provide security for the information and information systems that support the operations and assets of the agency.

How Revyz Helps

  • Contingency & Monitoring:
     Revyz's automated Backup & Restore directly aligns with the Contingency Planning (CP) control family, ensuring data can be recovered after a disruption. The Config Manager helps maintain secure operational baselines as part of the Configuration Management (CM) family, while Audit Logs Backup supports the Continuous Monitoring (CA) strategy by preserving logs for security reviews.

Region: United States

Industries: Public Sector, Government Contracting

Non-Compliance Repercussion:

Failure to comply with FISMA can lead to congressional hearings, significant reputational damage for the agency, and the loss of federal funding or contract eligibility.


HIPAA

Relevant Articles/Controls: Security Rule §164.308, §164.312

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law designed to protect sensitive patient health information (PHI) from being disclosed without the patient's consent or knowledge. The Security Rule specifically sets national standards for protecting electronic PHI.

How Revyz Helps

Revyz provides key technical capabilities to help covered entities and their business associates comply with HIPAA Security Rule safeguards:

  • §164.308 (Disaster Recovery): Backup & Restore.

  • §164.312 (Access Control): 
    This technical safeguard requires implementing procedures to control who can access ePHI. Revyz's User License Insights helps organizations monitor and manage user access, ensuring that only authorized personnel have access to systems containing sensitive patient data.

  • §164.312 (Audit Controls):
    This technical safeguard mandates the implementation of mechanisms to record and examine activity in information systems that contain or use ePHI. Revyz's Audit Logs Backup provides immutable, long-term storage for audit trails, ensuring their integrity for security incident investigations and breach forensics.

Region: United States

Industries: Healthcare, Health, Technology

Non-Compliance Consequences: Civil penalties up to $1.5M/year per violation; criminal penalties including fines and imprisonment.


NERC CIP

Relevant Articles/Controls: CIP-007, CIP-010

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of requirements designed to secure the assets required for operating North America's bulk electric system. These standards are mandatory for owners, operators, and users of the bulk power system.

 

How Revyz Helps

  • CIP-007 (System Monitoring): This standard requires entities to define methods to monitor systems to detect and respond to cybersecurity incidents. Revyz's Audit Logs Backup supports this by securely capturing and preserving critical system logs in immutable, off-site storage. This ensures the integrity and availability of event logs for forensic analysis and incident response, as required for monitoring and diagnostics.

  • CIP-010 (Change Control): This standard mandates the management and monitoring of system configurations to prevent unauthorized changes. Revyz's Config Manager creates an auditable trail of all modifications, while the Drift Analyzer actively monitors for and alerts on any deviation from an approved baseline configuration. This provides a robust mechanism for enforcing change control and detecting unauthorized modifications in real-time.

Region: North America

Industries: Energy, Utilities, Oil & Gas


NIST CSF

Relevant Articles/Controls: Core Functions

The NIST Cybersecurity Framework (CSF) is a voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity risk. Developed by the U.S. National Institute of Standards and Technology, it provides a high-level, strategic view of an organization's cybersecurity risk management and is widely adopted globally across all sectors.

How Revyz Helps

  • Protect: 
    This function supports the ability to limit or contain the impact of a potential cybersecurity event. Revyz's Config Manager helps maintain secure configurations and access controls, while User License Insights ensures only authorized users have access, reducing the attack surface.

  • Detect/Respond: 
    The Detect function enables the timely discovery of cybersecurity events, and Respond supports the ability to take action. Revyz's Audit Logs Backup ensures that critical security logs are securely preserved and available for analysis, which is essential for detecting anomalous activity and investigating incidents.

  • Recover:
    This function focuses on resilience and restoring capabilities impaired due to a cybersecurity event. Revyz's automated Backup & Restore capabilities are fundamental to this function, ensuring that data and configurations can be recovered quickly and reliably to resume normal operations.

Region: United States (Global adoption)


Industries: Critical Infrastructure, Public Sector



UK NCSC Cyber Essentials

Relevant Articles/Controls: Five Technical Controls

Cyber Essentials is a United Kingdom government-backed scheme designed to help organizations of all sizes implement basic controls to protect themselves against the most common cyber attacks. Certification is often a prerequisite for bidding on UK central government contracts that involve handling sensitive data.

How Revyz Helps

Revyz provides tools that directly support several of the five core technical controls required for certification:

  • Core Controls: 
    Revyz's Config Manager helps ensure systems are configured securely, a foundational control. User License Insights supports the principle of least privilege by providing visibility into user access, helping to manage accounts and permissions effectively.

  • Malware Protection & Data Recovery: 
    While not a direct anti-malware tool, a critical part of defending against threats like ransomware is the ability to recover. Revyz's automated Backup & Restore provides a robust mechanism to restore data and systems after an attack, ensuring business continuity.

Region: United Kingdom

Industries: Public Sector, Defense

Non-Compliance Repercussion:

Failure to achieve certification can render an organization ineligible for many UK central government and Ministry of Defence contracts and may indicate a failure to take reasonable security steps under UK GDPR.


NHS Data Security and Protection Toolkit (DSPT)

Relevant Articles/Controls: 10 Data Security Standards

The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool required for all organizations that have access to NHS patient data. It allows them to measure their performance against the National Data Guardian's 10 data security standards, ensuring that personal and confidential data is handled safely and securely.

How Revyz Helps

Revyz provides key capabilities that help organizations meet their assertions across several DSPT standards:

  • Data Access & Continuity: 
    The DSPT requires clear processes for business continuity and ensuring data integrity. Revyz's Audit Logs Backup provides immutable trails of data access for accountability, while its Backup & Restore function is a critical component of any disaster recovery plan, ensuring patient data can be recovered after an incident (Standard 8).

  • Access Management: 
    A core standard is managing staff access to sensitive data appropriately. User License Insights helps organizations regularly review and manage user access rights, ensuring that only authorized individuals have access to confidential data, thereby enforcing the principle of least privilege (Standard 3).

Region: United Kingdom

Industries: Healthcare, Public Sector

Non-Compliance Repercussion:

Failure to meet the DSPT standard can result in a block on access to NHS systems, negative reports from the Care Quality Commission (CQC), and potential fines from the ICO for underlying data breaches.


APPI

Relevant Articles/Controls: General Principles

Japan's Act on the Protection of Personal Information (APPI) is the country's primary data protection regulation. It establishes rules for businesses that handle the personal information of individuals in Japan, focusing on principles of proper acquisition, utilization, and management of data.

How Revyz Helps

  • Data Integrity:
     The APPI requires businesses to take necessary and appropriate security control measures. Revyz's automated Backup & Restore ensures data integrity and availability, protecting personal information from accidental loss or destruction.

  • Access Management:
     A core principle is ensuring that access to personal information is controlled. User License Insights helps organizations monitor and manage user access rights, ensuring that only authorized personnel can access sensitive data.

  • Erasure Proof:
    The APPI grants individuals the right to request the erasure of their data. Revyz's Issue Deletion Log provides an immutable, auditable record that a deletion request has been fulfilled, serving as essential proof of compliance.

Region: Japan

Industries: All, Global

Non-compliance repercussions: Orders from the Personal Information Protection Commission (PPC), public disclosure, and fines of up to ¥100 million (approx. USD $1 million) or imprisonment for responsible individuals.
 

Australia Privacy Act 1988

Relevant Articles/Controls: The 13 APPs

The Australia Privacy Act 1988 and its 13 Australian Privacy Principles (APPs) provide the foundational framework for the handling of personal information by most Australian government agencies and many private sector organizations. The APPs govern the collection, use, disclosure, and security of personal information.

How Revyz Helps

Revyz provides key capabilities to help organizations comply with several core APPs:

  • APP 11 (Security of Personal Information):
    This principle requires organizations to take reasonable steps to protect personal information from misuse, interference, and loss. Revyz's automated Backup & Restore is a critical technical safeguard, ensuring data integrity and availability.

  • APP 12 & 13 (Access & Correction):
    These principles give individuals the right to access and correct their personal information. Revyz's User License Insights helps manage access controls, while the Issue Deletion Log provides an auditable record that data has been de-identified or destroyed in response to a valid request.

Region: Australia

Industries: Public Sector
 

Non-Compliance Repercussion:

Serious or repeated breaches can result in severe penalties, including fines up to AUD $50 million, orders to compensate affected individuals, and significant reputational damage.


Personal Data Protection Act (PDPA)

Relevant Articles/Controls: Sections 24, 25, 26

Singapore's Personal Data Protection Act (PDPA) is the country's primary data protection law. It establishes a baseline standard of protection for personal data by governing its collection, use, disclosure, and care by private-sector organizations.

How Revyz Helps

  • Protection & Retention: 
    The PDPA requires organizations to make "reasonable security arrangements" to protect data (Section 24) and to cease retaining it when no longer needed (Section 25). The Revyz toolkit helps meet these requirements through layered defense mechanisms like Config Manager and Drift Analyzer. Features like User License Insights help identify inactive data for deletion, while the Issue Deletion Log provides auditable proof of erasure to comply with retention limits.

Region: Singapore

Industries: Global, Finance, Insurance

Non-compliance repercussion:
Significant financial penalties of up to 10% of an organization's annual turnover in Singapore or S$1 million, whichever is higher.
 

UAE PDPL

Relevant Articles/Controls: Art. 5, 7, 10

The UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) is the primary federal data protection law governing the processing of personal data for individuals within the United Arab Emirates. It outlines the responsibilities of data controllers and processors to ensure data privacy and security.

How Revyz Helps

  • PDPL Art. 7 (Controller Obligations): This article requires controllers to implement a range of technical measures to protect personal data. The Revyz suite helps meet this obligation with a comprehensive framework, from preventive controls (Config Manager) to detective controls (Config Drift Analyzer) and robust recovery mechanisms (Backup & Restore).

  • PDPL Art. 10 (Breach Notification):
    In the event of a data breach, organizations must promptly notify the UAE Data Office. Revyz's Audit Logs Backup provides the detailed, immutable, and verifiable information required to understand the scope and nature of a breach, forming the basis of an effective and timely notification report.

Region: United Arab Emirates

Industries: Oil & Gas, All

Non-Compliance Repercussion:

Significant administrative penalties, including fines of up to AED 5 million (approx. USD $1.36 million), imprisonment, and the suspension of a company's license.


LGPD

Relevant Articles/Controls: Art. 6, 18, 46

Brazil's Lei Geral de Proteção de Dados (LGPD) is the country's general data protection law. Modeled after the GDPR, it governs the processing of the personal data of individuals in Brazil, regardless of where the data processing entity is located.

How Revyz Helps

Revyz provides essential tools to help organizations comply with the core principles and mandates of the LGPD:

  • Art. 46 (Security Measures): This article requires data processing agents to adopt security measures capable of protecting personal data from unauthorized access and accidental or unlawful destruction or loss. Revyz's automated Backup & Restore provides a critical technical safeguard, ensuring data availability and integrity.

  • Art. 18 (Data Subject Rights): This article grants data subjects the right to the erasure of their personal data. Revyz's Issue Deletion Log creates a permanent, auditable record that a deletion request has been fulfilled, providing the necessary proof of compliance for audits.

  • Art. 6 (Processing Principles): The LGPD is based on principles such as accountability and transparency. Revyz's Audit Logs Backup supports these principles by securely preserving a long-term record of all data processing activities, which is essential for demonstrating compliance to authorities.

Region: Brazil

Industries: All 

Non-compliance repercussions: Fines of up to 2% of revenue (capped at R$50 million per violation), public disclosure of the infraction, and a potential ban on data processing activities.
 

PIPEDA

Relevant Articles/Controls: Principle 4.7 (Safeguards)

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada's federal privacy law for private-sector organizations. It is based on ten fair information principles, with Principle 4.7 requiring that personal information be protected by security safeguards appropriate to the sensitivity of the information.

How Revyz Helps

  • Principle 4.7 (Safeguards):
     This principle requires organizations to protect personal information against loss or theft, as well as unauthorized access or disclosure. Revyz's automated Backup & Restore provides a critical safeguard, ensuring data can be recovered reliably after an incident, thereby protecting it against loss.

  • Data Erasure: 
    PIPEDA's principles give individuals the right to access their information and challenge its accuracy. Revyz's Issue Deletion Log provides an immutable record that personal data has been properly destroyed upon request, serving as verifiable proof of compliance.

Region: Canada

Industries: Global

Non-Compliance Repercussion:

Non-compliance can lead to public disclosure, reputational damage, and significant fines of up to 3% of global revenue or CAD $10 million per violation under the new Consumer Privacy Protection Act (CPPA).


DORA

Relevant Articles/Controls: Art. 9 (Protection & Prevention), 12 (Backup & Restore), 17 (ICT Incident Reporting)

The Digital Operational Resilience Act (DORA) is a European Union regulation that creates a binding, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. It aims to ensure that firms can withstand, respond to, and recover from all types of ICT-related disruptions and threats.

How Revyz Helps

Revyz provides key capabilities to help financial entities build the operational resilience required by DORA:

  • Protection, Prevention & Recovery: DORA requires robust systems for protection and recovery. Revyz's Config Manager and Drift Analyzer help implement preventive security controls, while automated Backup & Restore directly addresses the mandate for reliable backup and restoration procedures (Art. 12) to ensure rapid recovery from an ICT incident.

  • ICT Incident Reporting: In the event of a major ICT incident, firms must report it to competent authorities. Revyz's Audit Logs Backup provides an immutable, detailed record of system activity, which is essential for root cause analysis and providing the clear, timely information required for incident reporting (Art. 17).

Region: European Union

Industries: Finance, Banking, Insurance, Investment Services

Non-Compliance Repercussion:

Non-compliance can result in significant administrative penalties, including daily fines, orders to cease specific practices, and public notices, determined by the competent national authorities.

 


 

 
 

NIS2

Relevant Articles/Controls: Art. 21 (Risk Management Measures), 23 (Incident Reporting), 25 (Supply Chain Security)

The NIS2 Directive (Directive (EU) 2022/2555) is the European Union's updated legislation on cybersecurity. It aims to achieve a higher common level of cybersecurity across the EU by expanding its scope to more sectors, strengthening security requirements, and introducing stricter supervision and enforcement measures.

How Revyz Helps

Revyz provides key capabilities to help essential and important entities meet the risk management measures required by NIS2:

  • Risk Management & Resilience: NIS2 requires entities to implement appropriate technical and organisational measures to manage cybersecurity risks (Art. 21). Revyz's Config Manager helps establish secure baselines, while its Backup & Restore function provides a critical mechanism for business continuity and recovery after a significant incident.

  • Incident Reporting & Auditing: Entities must report significant incidents to competent authorities (Art. 23). Revyz's Audit Logs Backup provides an immutable, detailed record of system activity, which is crucial for incident analysis, root cause identification, and providing comprehensive information to auditors and regulators.

Region: European Union

Industries: All Critical Infrastructure (Energy, Transport, Health, Digital Infrastructure, etc.)

Non-Compliance Repercussion:

Non-compliance can lead to severe fines of up to €10 million or 2% of the entity's total global annual turnover, whichever is higher, and potential suspension of certifications or authorizations.

 

 

 
 

Data Compliance Toolkit

Ready to Secure Your Atlassian Cloud?

See for yourself how Revyz can protect your organization from loss and ensure business continuity.