Security Controls Matrix
ReviveAI maintains a mapping of its security controls to ISO 27001 Annex A.
Relevant sections are detailed below.
| Control Reference | Objective | ReviveAI Implementation |
|---|---|---|
| A.5 Information Security Policies | Management direction | Documented Information Security Policy |
| A.5.9 Inventory of Information | Asset management | Data flow documentation & asset register |
| A.5.15 Access Control Policy | Controlled access | Role-Based Access Control (RBAC) |
| A.5.16 Identity Management | Authentication security | MFA enforced via Entra ID |
| A.5.18 Access Rights | Least privilege | Named admin accounts, reviewed periodically |
| A.6.3 Information Security Awareness | Staff awareness | Security training & confidentiality agreements |
| A.7.2 Physical Security | Facility protection | Inherited via Azure UK data centres |
| A.8.8 Technical Vulnerability Management | Vulnerability control | Azure security baseline & patching |
| A.8.9 Configuration Management | Secure configuration | Hardened Azure VNet + NSGs |
| A.8.10 Information Deletion | Secure deletion | Azure secure deletion & lifecycle policies |
| A.8.11 Data Masking | Data protection | Controlled environment; no production data export |
| A.8.12 Data Leakage Prevention | Prevent exfiltration | Private endpoints, restricted outbound access |
| A.8.16 Monitoring Activities | Logging & monitoring | Centralised audit logs |
| A.8.20 Network Security | Secure networking | VNet isolation & NSGs |
| A.8.23 Web Filtering | Secure access | Controlled admin endpoints |
| A.8.24 Cryptography | Encryption | AES-256 at rest, TLS 1.2+ in transit |
| A.8.28 Secure Coding | Secure development | Change control & restricted production access |
| A.5.23 Information Security for Use of Cloud Services | Cloud governance | Azure UK region restriction |
| A.5.30 ICT Readiness for Business Continuity | Resilience | Azure redundancy within UK regions |
| A.5.24 Incident Management | Incident response | Documented incident escalation procedure |
Certification Position
ReviveAI does not currently hold ISO 27001 certification.
However:
- Infrastructure provider Microsoft Azure holds ISO 27001, ISO 27017, ISO 27018, SOC 1 and SOC 2 certifications.
- ReviveAI aligns operational controls to ISO 27001 Annex A standards.
