Our RevLab Trust Management System
At RevLab, we take pride in our technology and the value it delivers to our customers. These principles guide every aspect of our work. One of our core values is a commitment to innovation, which allows us to address the evolving needs of our customers effectively. We believe that listening to, understanding, and acting on customer feedback is the most impactful way to demonstrate our leadership and dedication.
We have heard from you, our customers, that you want greater insight into how we operate and manage our business. In response, we are pleased to share details about our Trust Management Program, in alignment with the ISO 27001 Security Management Standard, as our RevLab Trust Management System (RTMS).*
The importance of a structured management program
There is value in management systems, whether you evaluate quality management systems, defect management systems, the kaizen method for continuous improvement, or a structured methodology to evaluate capability maturity. These management programs have been tested in the field, published, peer reviewed, and refined. Our RevLab Trust Management Program is based on the ISO 27001 Information Security Management System standard.*
The basis of the ISO 27001 standard is:
"This International Standard can be used by internal and external parties to assess the organization's ability to meet the organization's own information security requirements."
Value of International Standards as Guidance (but not necessarily "you must do")
As with any organization responsible for hosting and handling customer data, there are understandable concerns about whether RevLab, as an AI-cloud service provider, is taking the necessary steps to ensure the protection and confidentiality of its customers' data. Customers considering the use of AI-cloud services face similar challenges when deciding to host critical applications or services with a provider.
RevLab recognizes that each customer has unique security requirements. Our Trust Management Program is designed to take these requirements into account and establish a tailored set of security measures that align with our company’s specific environment. By aligning with the ISO 27001 framework, we have adopted a systematic approach to planning, operating, evaluating, and improving our security program. This approach enables continuous assessment of our program’s effectiveness and ensures that we adapt to new threats, evolving requirements, and opportunities to enhance overall performance.
We view international standards, such as ISO 27001, as comprehensive and well-structured guidelines. However, we carefully evaluate each control to determine its applicability and relevance to our specific environment. This tailored approach ensures that our security measures are both effective and appropriate for our operational needs, while maintaining alignment with global best practices.
Policy Management Program
The basis of the Trust Management System is our Policy Management Program (PMP). We have structured our policies to cover the domains included in both the ISO 27001 standard and the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM). We have established a set of foundational principles for our Policy Management Program. Policies will:

- Be Published and Accessible: Policies will be clearly communicated and readily available to ensure all teams understand the standards they are expected to meet.
- Be Supported by the Security Team: The security team will provide guidance and resources to enable teams to comply effectively with the policies.
- Outline Clear Security Objectives: Policies will clearly define our security goals to ensure alignment and transparency across the organization.
- Demonstrate Commitment to Regulatory Compliance: Our policies reflect our dedication to meeting all applicable legal and regulatory requirements.
- Emphasize Continuous Improvement: Policies will be regularly evaluated and updated to address evolving risks and to improve the overall security posture of the organization.
- Include an Exception Process: A formal exception process will be in place to address situations where compliance with specific policies is temporarily unfeasible.
- Be Reviewed Annually: Policies will be reviewed and updated annually to reflect new threats, risks, and changes in the regulatory landscape.

Read an overview and excerpts of our Technology Policies.
Annual Information Security Program Review
At RevLab, maintaining a strong security framework requires continuous evaluation and oversight. To ensure our leadership remains informed and engaged, we prepare a comprehensive annual report for Senior Management. This report provides an in-depth review of our Information Security Program, offering visibility into its effectiveness and alignment with organizational objectives and regulatory requirements.

The report highlights key aspects of our security efforts, including an overview of risk evaluations, decisions around risk mitigation, updates on third-party vendor security, outcomes from testing and monitoring activities, and any significant incidents or breaches. It also outlines the actions taken to address challenges and improve security measures. By delivering this report, the individual responsible for overseeing our security program ensures that leadership can make informed decisions to continuously strengthen our approach to cybersecurity and risk management.
Risk Management Program
RevLab Trust Management Forum (RTMF)
We maintain a structured Trust Management Forum that includes representatives from each pillar of our Trust program. This ensures the consistent application of security, reliability, privacy, and compliance controls, as well as the effective management of risks across these areas. To provide comprehensive coverage of specific topics and ensure appropriate input, we have established separate forum meetings dedicated to particular focus areas.

The RTMF's purpose is to:

- Establish Priorities and Actions: Collaborate to define and implement the necessary priorities and actions to protect RevLab and its customers from potential security threats.
- Lead Efforts to Mitigate Vulnerabilities: Advocate for and drive initiatives within each business division to address deficiencies or vulnerabilities that could enable security breaches.
- Provide Strategic Guidance: Offer direction and support to working groups on addressing critical security risks and ensuring compliance with relevant programs.
- Foster a Culture of Security Awareness: Promote and embed a security-focused mindset across the entire organization.
We strive to maintain the following forum meetings:

- RTMF: Management Review (Annually, in line with annual budgeting)
- RTMF: Resource Review (Annually, in line with annual budgeting)
- RTMF: Risk & Vulnerability Reviews (Quarterly)
- RTMF: Security Health Review (Monthly)
- RTMF: Compliance Health Review (Monthly)
- RTMF: Management Reviews (Weekly; each function team has its own Management Review)
The structure and frequency of these meetings are designed to ensure continuous evaluation of our threat landscape and our responses to emerging threats.
There are countless approaches to managing a security organization, each tailored to the unique needs of the organization. At RevLab, we have established a program that balances flexibility and responsiveness with the structure needed to effectively evaluate and address new threats and risks, both to our organization and to our customers.

__________

* RevLab is presently undergoing ISO 27001 Security Management Standard certification and anticipates completion and certification in 2025.