Security and compliance are critical at The RW Exchange (RWX). RWX understands that a redefined process is only valuable if we build our solution on a modern platform designed to meet today's security and trust requirements.
To achieve the security goals of our business, we protect our platform with industry-standard best practices.
Our services are hosted on the Amazon Web Services, AWS, to leverage their best of breed data centers. AWS utilizes a shared responsibility model. AWS protects its data-centers with access control, vehicular control, biometrics, and more. You can learn more at //aws.amazon.com/security/.
AWS's infrastructure is regularly audited and meets many compliance regulations, including SOC1 Type II, SOC2 Type II, and ISO 270001. Additional details are available at https://aws.amazon.com/compliance/programs/.
RWX employees utilize unique logins to provide traceable and auditable individual actions within our systems.
RWX protects accounts with two-factor authentication where available. We give preference to physical keys and one-time password generating applications. We permit SMS two-factor authentication only when other options are not available.
RWX utilizes a third-party to conduct regular penetration testing of its application. The third-party tests non-production systems to ensure the confidentiality, integrity, and availability of production data is not affected.
RWX utilizes AWS tools, including AWS Shield, to protect its environment from standard threats including, DDOS attacks.
RWX runs a managed third-party Web Application Firewall to protect data stored in the environment. The security team monitors WAF reports and investigates them as necessary.
RWX utilizes load balancers and servers spread through multiple AWS zones to ensure resilience to downtime and system failures. The system design utilizes master servers to monitor resources and replace nodes as needed. Monitoring provides alerts to our team if data is lost.
Critical data is backed up automatically by AWSs hosted RDS database services.
In the event of a significant outage, RWX can provision systems in another region using our coded deploy system.
Disaster Recovery exercises are conducted on an annual basis to ensure that the procedures work correctly.
RWX looks to limit the types of data that it collects.
RWX employs the latest in data encryption technology to secure your information. We use industry-standard TLS encryption and always transmit your data via HTTPS. You can verify that your connection to RWX is encrypted if you are using a modern browser like Chrome, Safari, or Firefox. Your browser's address bar will show you a (padlock symbol) to indicate your encrypted connection during your visit to rw-exchange.com.
If this symbol is missing at any time, please log out of RWX and contact us immediately.
We make use of advanced, industry-leading, real-time protection tools to defend our application and your data from malicious users and would-be cyber-attacks. Monitoring and countermeasure suites from Sqreen and Amazon Web Services enable us to protect your data for an easy and secure experience, every step of the way.
Help us keep your information safe – do your part to ensure your data is kept safe by following some best practices:
Don't share accounts or account details
Keep your login details – the email address and password you use to sign into RWX – to yourself. Don't let other people sign in on your behalf. Even if you trust others with your details, the fact is that sensitive information is simply safer when kept in as few places as possible.
Use a password manager and strong passwords
We recommend using trusted password manager software to manage your passwords. These tools take the guess work out of creating and remembering your passwords, eliminate insecure passwords, and often allow you to sign in to RWX and other apps and services using biometrics such as a fingerprint or a facial scan, along with a strong master password. If you insist on managing your own passwords, we suggest your pick a password that is easy for you to remember and hard for a friend to guess. Your birthday, kids' names, your graduation year, etc. are NOT necessarily good password builders as such information can often be found via social media/public domain. A good starting point for a password is four unrelated but memorable words, separated by spaces. Random numbers and special characters are recommended, but do make your password more difficult to remember.
Learn about cookies and how we use them here.