Our efforts to ensure the security of our clients’ and their customers’ data involve a range of proven tactics, third-party audits and certifications, in-depth customer audits, and direct dialog to verify our ability to meet enterprise-specific security demands.

Shared Responsibility Model

At Riva, we operate on a shared responsibility model that assigns specific security roles to all parties involved in the aggregation, storage, distribution, and use of enterprise data. In most cases, data responsibility is shared between the enterprise, a data residency provider, and, as keepers of the integration application, Riva. Here’s how these responsibilities are typically assigned:


controls the flow of data between CRM and business applications. In that role, we’re responsible for the implementation and maintenance of designated encryption protocols, permission-based data access controls, and current regulatory compliance.

Data Residency Providers

are responsible for secure data storage. Riva clients often partner with Amazon Cloud – in either single- or multi-tenant environments. In some cases, clients elect to maintain their own data centers, allowing for tailored access protocols and greater bandwidth to ensure reliable data delivery speeds.

The Enterprise

is ultimately responsible for how they gather, retain, and utilize customer data by implementing and following thorough privacy and security policies – and taking necessary steps to ensure regulatory compliance.

Third-Party Security Certifications

Riva maintains certifications with a number of third-party security auditing organizations. These certifications, many of which are nation, region, and industry-specific, are the result of in-depth evaluations of Riva’s written data security protocols – and verify that we scrupulously observe those protocols to protect enterprise data. Riva currently maintains the following certifications:

Industry-standard security designations:

  • SOC 2, Type 2
  • SOC1
  • SSAE 16
  • ISAE 3402

Data residency and access legislation certifications:

  • GDPR
  • MiFID
  • CCPA
  • Australian Data Privacy

AWS Certifications:

  • PCI DSS Compliant
  • ISO 27001
  • FIPS Validated 140-2

AWS Compliance:

  • CSA Cloud Security Alliance

There is no customer lifetime value without Trust

Security, privacy, and regulatory compliance are fundamental to Riva’s success, but the human elements of trust - transparency, and integrity - are just as vital.

Privacy You Can Trust

As a global company serving the data integration needs of large enterprise companies, Riva has developed a comprehensive understanding of privacy regulations throughout the world.

Industry Specific Compliance

We specialize in data solutions for regulated industries and tailor our solutions to ensure compliance at scale. As a result, our clients avoid sanctions, watchlists, and the threat of reputation damage.

Want to learn more?

Our advisors are here to help. They can answer all of your Riva-related questions, including topics like product portfolio, pricing, security, scalability, and compliance with industry regulations. Fill out the form below and a Riva advisor will give you a call.