Security & Privacy

At Reputiva, trust is central to how we deliver cloud, cybersecurity, and FinOps advisory services. Our work often involves reviewing cloud environments, identity configurations, collaboration platforms, security settings, policies, and operational practices. We approach every engagement with confidentiality, least-privilege access, and practical security discipline.

Our Commitment

Reputiva is committed to protecting client information and delivering advisory services in a secure, responsible, and professional manner.

We help organizations assess and improve their security posture across cloud platforms, collaboration environments, identity systems, and SaaS tools. In doing so, we follow a simple principle: access only what is necessary, use it only for the agreed purpose, and protect client information throughout the engagement.

How We Handle Client Information

During an assessment or advisory engagement, Reputiva may review information such as:

  • Cloud configuration settings
  • Identity and access management controls
  • Microsoft 365 or Google Workspace security settings
  • Logging, monitoring, and backup configurations
  • Security policies, architecture documents, and operational workflows
  • Screenshots, exports, or evidence provided by the client
  • Interview notes and assessment findings

We do not request unnecessary access to sensitive systems or data. Where possible, we work from read-only access, client-provided evidence, screenshots, configuration exports, or guided screen-sharing sessions.

Access and Least Privilege

Reputiva follows a least-privilege approach. Access should be limited to what is required for the specific engagement.

Where direct access is required, we recommend:

  • Time-bound access
  • Role-based access control
  • Read-only permissions where possible
  • Named accounts instead of shared credentials
  • Multi-factor authentication
  • Client-controlled account creation and removal
  • Access revocation at the end of the engagement

Reputiva does not require permanent administrative access to client environments for assessment work.

Confidentiality

Client information, assessment findings, architecture details, screenshots, business context, and remediation priorities are treated as confidential.

Reputiva does not publish client names, findings, screenshots, or case studies without written permission.

Data Storage and Retention

Assessment notes, reports, and supporting materials are stored only as needed to deliver the engagement and support agreed follow-up activities.

At the end of an engagement, clients may request deletion of working files, evidence, and supporting materials that are no longer required, subject to legal, contractual, accounting, or legitimate business record-keeping obligations.

Assessment Reports

Reputiva assessment reports are designed to be practical and business-readable. Reports may include:

  • Executive summary
  • Scope and assumptions
  • Key risks and observations
  • Risk priority ratings
  • Business impact
  • Recommended remediation actions
  • Short-term and longer-term roadmap
  • Supporting references or evidence where appropriate

Reports are shared only with approved client contacts.

Use of Third-Party Tools

Reputiva may use standard business, productivity, collaboration, documentation, cloud, security, or AI-enabled tools to support delivery. Where third-party tools are used, we aim to avoid entering sensitive client secrets, credentials, regulated data, or unnecessary confidential information into those tools.

Clients may request restrictions on tool usage before the engagement begins.

Credentials and Secrets

Clients should not send passwords, private keys, API keys, tokens, recovery codes, or other secrets through email or unsecured channels.

Where credentials or privileged access are required, Reputiva recommends client-managed access through the client’s identity provider, privileged access process, or secure password-sharing mechanism.

Client Responsibilities

Security assessments work best when responsibilities are clear. Clients remain responsible for:

  • Approving assessment scope
  • Providing accurate information
  • Granting and revoking access
  • Reviewing findings
  • Deciding which remediation actions to implement
  • Ensuring internal legal, privacy, compliance, and procurement requirements are met

Reputiva provides advisory guidance and assessment findings; clients remain responsible for final business, security, legal, and operational decisions.

Responsible AI and Data Handling

Where AI tools are used to support research, drafting, analysis, or documentation, Reputiva takes care to avoid exposing sensitive client data unnecessarily.

Reputiva does not intentionally use client confidential information to train public AI models. Client-specific details should be minimized, anonymized, or excluded from AI-assisted workflows unless the client has approved the use case.

Incident Notification

If Reputiva becomes aware of a security incident affecting client information under Reputiva’s control, we will take reasonable steps to investigate, contain, and notify affected clients as appropriate.

Contact

For questions about Reputiva’s security and privacy practices, contact:

Email: info@reputiva.com
Website: reputiva.com
Consultation: reputiva.com/consultation/
