Security

Controls for people data, operational commitments, and customer-impacting work.

RivetOps is built for teams that need to review workforce records, schedules, operational notes, customer windows, and audit evidence with practical controls before rollout.

Security packet Security questionnaire Subprocessor list DPA and privacy notice Incident response summary

Identity and access

SAML SSO, SCIM provisioning, role-based access, enforced MFA through identity provider, and domain verification on Enterprise plans.

Data protection

TLS in transit, encrypted application databases and backups, export logs, configurable retention, and practical regional storage commitments.

Auditability

Admin, integration, permission, assignment, escalation, export, and closeout events are retained for review.

Resilience

Status page, incident process, customer notification commitments, encrypted backups, and documented recovery procedures.

Enterprise review

Security review follows the buying process.

Scoping

Confirm data categories, integrations, user roles, territories, and retention needs.

Questionnaire

Provide security questionnaire responses, DPA, subprocessors, and architecture notes.

Controls

Review SSO, SCIM, permissions, audit logs, export controls, and incident commitments.

Launch

Confirm production access, support contacts, notification route, and operating owner.