Rimsys Trust Center

At Rimsys, security is foundational to how we design, build, and operate our platform. A security-first mindset informs our development practices, infrastructure architecture, and organizational policies across the company. We treat the data entrusted to us—by our customers, their users, and partners—with care and responsibility. Security controls are embedded in our systems and processes to protect customer data, maintain its integrity, and ensure its availability while enabling the reliable delivery of our services. Our security and compliance program is independently validated through recognized third-party audits, including SOC 2 and ISO/IEC 27001. These assessments provide assurance regarding the design and operating effectiveness of our security controls and serve as the authoritative basis for evaluating our security posture. Customers and partners are encouraged to rely on the materials available in this trust center for security, compliance, and regulatory assessments.

Compliance

Resources

Risk Assessment and Treatment Policy
Access Control and Termination Policy
Network Security Policy
Business Impact Assessment Policy
Statement of Applicability

Controls

Access control procedures
Access review of infrastructure
Physical access control systems
VPN access
Multifactor authentication
Encryption of data
Backup and recovery policy
Source code tool
Web application firewall
Vulnerability scanning
Outsourced Development Management
Sample code changes
Intrusion detection tool
Infrastructure baseline hardening policy
SSL/TLS certificates for infrastructure
Network diagram
Monitoring, measurement, analysis and evaluation
Alerts and remediation
Breach notification communication
Security incident list
Whistleblower policy
Log management tool
Vendor management program
Vendor onboarding
Vendor list
Vendor termination
New employee and contractor agreements
Employee handbook
Existing employee and contractor agreements
List of active employees & contractors as on date
Security awareness training implemented
Multi-availability zones
Asset register maintaining
Risk and Governance Executive Committee meeting minutes
Risk management program
Patch management
Antivirus and malware configurations
Customer termination
Asset register list
Termination checklist

Subprocessors

Azure: Cloud Infrastructure & Platform Services
Atlassian: Unknown Category
AWS: Cloud Infrastructure & Platform Services
Microsoft 365: Unknown Category

FAQs

Emergency changes that can't follow regular processes due to urgency require immediate attention and discussion with a relevant service manager. Such changes are formally approved retrospectively after implementation. These emergency changes are later reviewed in periodic meetings to analyze lessons learned, root causes, and impacts.

Source code changes are logged, time-stamped, and attributed to their author in a source code management tool. Access to the source code tool is restricted to authorized users using multi-factor authentication.

All systems are patched and updated on a documented, regular, and timely schedule using the Common Vulnerability Scoring System (CVSS) to aid in setting patching guidelines. Critical security vulnerabilities must be patched as soon as possible regardless of CVSS score.