Criteria and Revelian take the protection of our customers’ data very seriously. We have developed a robust cybersecurity strategy designed to provide ongoing security of data, systems and information collected and used in our core business operations.
This page provides answers to common security-related questions. Our internal security experts are happy to provide further information and to discuss our security protocols in more depth if required.
Yes. Our APAC operations are ISO 27001 certified, and certification of our North American operations to become compliant with ISO 27001 – Security Information Management Framework is underway as of March 2021.
We are compliant with:
Yes. We have implemented a data classification system which splits data into 3 high-level categories: public, sensitive and private. Each of these categories and subcategories has different controls implemented to ensure the appropriate use of data in those classifications.
Depending on which of our regional offices you are contracted with, your data will be stored in one of two locations. Generally, customers in APAC will have data stored in Australia, and those in North America & other regions will have data stored in the United States.
There are strict procedures in place for the handling of customer data. Access to customer data is restricted to employees operating in customer service, consulting psychology or R&D. Customer data is accessed by these teams under the following conditions:
Yes. Criteria maintains a comprehensive cyber insurance policy for applications and data we host.
We have a $5m cyber insurance policy.
The PII held by Criteria and Revelian is limited to data that is required for us to conduct our core business for our customers.
In addition to the above information we collect:
All relevant policies are published on the www.criteriacorp.com and www.revelian.com websites and are accessible via the following links:
ASIA AND PACIFIC REGION
Criteria and Revelian have implemented a multi-layered approach to protecting systems and data which covers:
Yes. Criteria and Revelian maintain active DR and BCP plans which cover:
We treat all personally identifiable information we capture with the utmost security, and we are happy to see that you are security-minded as well. Some of our Information Technology Security information is available online; however, some documents are of a more sensitive nature, and we therefore require a Non-Disclosure Agreement to be signed before they are shared. Please complete the DocuSign and your request will be sent for authentication so we may send you the Security Level 2 information you have requested. Sign NDA.
Please contact us if you would like to receive more details regarding our information security.