Article ID: 2433
Last updated: 14 Sep, 2023
Applies to Riva Bookings. Table of Contents: Statement on Data Storage and Employee / Customer PrivacyRiva Bookings does not store a copy of the user’s calendar. The Microsoft Exchange calendar web services API is used to perform encrypted "live data queries" to check the user’s availability. The calendar availability data is queried and processed using a "minimal data view". This minimalized view and resulting available slots are calculated based on the configured business rules. Only metadata for appointments that are booked via the Bookings are maintained within the application to ensure that the meeting can be updated and or cancelled. No Outlook data that may contain personally identifiable or confidential information is retrieved during the availability lookups and available time calculations. Existing calendar meetings and appointment details (fields like: subject, body, attachments, recipients, attendees) that are created in Outlook are never stored by Riva Bookings. Statement on Data Security
FAQ
Is there a SOC 2 attestation that covers Riva Bookings? Yes. As part of Riva’s compliance and trust program, all customer offerings are included in our SOC 2 program. Further information on our Third-Party Security Certifications can be accessed here. The latest SOC 2 Type 2 report included three Trust Services Categories including: Security, Availability and Confidentiality. This third-party assessment and attestation is completed by an independent AICPA firm, Schellman and Company. Customers may request a latest copy of our SOC 2 report by submitting a request to: privacy@rivaengine.com. Is there a third-party penetration test that covers Riva Bookings? Yes. As part of Riva’s compliance and trust program, all customer offerings are included in our security and vulnerability program. Riva’s secure software development policy ensures that all development teams leverage static code analysis (Sonar), and automated vulnerability scanning tools (Qualys), all Riva applications are rigorously tested. Disclosure of any vulnerability can be submitted following our Vulnerability Disclosure Policy. The latest third-party penetration test is completed by an independent AICPA firm, Schellman and Company. Customers may request the latest copy of the report by submitting a request to: privacy@rivaengine.com. Does Riva support Single Sign-On (SSO) for Riva Bookings? Yes. Riva supports multiple different types of authentications including “Login with Salesforce” and “Login with Microsoft 365”. These modern authentication methods (OAuth 2.0) leverage an organization existing identity infrastructure. Typically, no additional identity management customer configuration is required. All access is governed by appropriate “scope consent”. Is Riva Bookings data encrypted at rest and transit? Yes. Data is encrypted at rest and transit. For data in transit, Riva uses the latest versions of TLS as well has HSTS. These capabilities are provided using the latest Amazon Web Services Application Web Firewall (WAF) and Application Load Balancing (ALB) technologies. For data at rest, Riva leverages the Amazon Key Management Service (KMS). Encryption keys are automatically rotated. Is the Riva Bookings application single or multi-tenant? And where is the primary located? Every customer has a dedicated single tenant “container” that is isolated to each customer. Each customer’s configuration and application data is isolated and maintained in per-customer “document collection”. The primary Riva Bookings “Container Cluster” is located in the AWS Region of “us-east-1”. The application cluster and configuration is configured to ensure high-availability and for in high-usage scenarios, can also be set to allow auto-scaling. Does the solution leverage only modern integration patterns? Yes. Riva Bookings has been built and deployed using the latest in continuous integration, continuous delivery, continuous testing patterns as well as the latest in “devops” methodologies leveraging containers, modern application, and modern authentication principles. Are their any restrictions for which internet browsers and versions are supported with the Riva Bookings application? Riva Bookings frontend is built using the latest in web application technologies and leverages the Vue.js application framework providing a highly responsive desktop-like user experience. What deployment scalability and stability patterns and methods does Riva use regarding resiliency and redundancy? Riva Bookings is deployed into the Riva Cloud managed cloud service which is backed an Amazon Web Services infrastructure using the latest in Container-based application delivery methodologies ensuring a highly resilient and scalable solution. How are storage and processing volumes determined? Riva Bookings access the Microsoft 365 Exchange Online mailboxes to determine real-time availability. Access to the calendar available search is architected in a way to minimize the use of API calls, and impact on the Microsoft Exchange infrastructure. The same infrastructure is used by Riva Sync and Riva Insight. What information about meetings and calendars does Riva Booking store? Riva Bookings does not store a copy of the user’s calendar. The Microsoft Exchange calendar web services API is used to perform encrypted "live data queries" to check the user’s availability. The calendar availability data is queried and processed using a "minimal data view". This minimalized view and resulting available slots are calculated based on the configured business rules. Only metadata for appointments that are booked via the Bookings are maintained within the application to ensure that the meeting can be updated and or cancelled.
This article was:
Helpful |
Not helpful
Report an issue
Article ID: 2433
Last updated: 14 Sep, 2023
Revision: 10
Views: 0
Comments: 0
|