# Security, Privacy, and Service Assurance

Epiphany Validation Engine (EVE) is delivered as a secure SaaS-based validation platform designed to support continuous security validation while protecting the confidentiality, integrity, and availability of customer information. The service is operated under a controlled security model that combines secure communications, protected data handling, operational governance, and service assurance practices aligned with industry good practices.

EVE is designed to help organizations validate security controls and detection capabilities without exposing sensitive operational details publicly. For this reason, the public documentation describes the security posture and governance approach of the service, while more sensitive technical, architectural, and assurance details are handled through controlled customer-facing processes.

#### Secure Service Delivery Model

**SaaS delivery under controlled operations**

EVE is provided as a managed SaaS service operated within controlled environments. The platform is maintained under formal operational processes intended to support secure delivery, service continuity, platform integrity, and consistent performance.

**Security by design and operational governance**

The service is managed using security and operational practices that include controlled change processes, monitoring, incident handling, vulnerability management, and periodic service review activities. These practices are intended to support a resilient and security-focused operating model for the platform.

#### Protection of Data in Transit

**Encrypted communications**

EVE is designed so that communications between customer environments and the platform are protected through secure and encrypted communication channels. This includes platform access, console usage, agent communications, and other service interactions required for the operation of the solution.

**Confidentiality and integrity during transmission**

These encrypted channels are intended to preserve the confidentiality and integrity of transmitted information and to reduce the risk of unauthorized interception, disclosure, or tampering while data is moving between local infrastructure and the cloud service.

#### Protection of Data at Rest

**Controlled storage of service data**

Information managed by EVE, including configuration data, validation results, reports, telemetry, and operational records, is stored within controlled service environments governed by security and access controls aligned with service assurance practices.

**Protection of sensitive information**

The service applies safeguards intended to protect sensitive and confidential information throughout its lifecycle in the platform. These controls are designed to support the secure storage, handling, and processing of customer-related information within the SaaS environment.

#### Access Control and Administrative Security

**Controlled access to service information**

EVE operates under a controlled access model intended to ensure that platform data and administrative functions are available only to authorized users and processes. Access is governed according to operational responsibility and service administration requirements.

**Role-based governance and visibility**

The platform supports administrative governance through controlled user access, role-based operation, and visibility into service activity as applicable to the operating model. This approach strengthens oversight and supports secure administration of the solution.

#### Operational Security Practices

**Vulnerability management and security review**

Reveald maintains operational practices intended to identify, assess, and address security issues affecting the service. These practices may include internal review activities, vulnerability management processes, controlled remediation, and security-oriented service assurance tasks.

**Change control and service integrity**

EVE is managed through controlled operational processes designed to preserve service stability and integrity. Changes to the service are handled through structured procedures intended to reduce operational risk and maintain secure service delivery.

**Monitoring and service protection**

The platform is supported by monitoring and operational oversight practices intended to identify relevant service conditions, support continuity, and enable timely response to issues affecting the platform or its security posture.

#### Incident Management and Service Resilience

**Incident response readiness**

EVE is operated with service management practices intended to support the identification, escalation, handling, and communication of relevant operational or security incidents affecting the platform.

**Continuity and resilience**

The service is managed with continuity-oriented practices intended to support resilience, operational recovery, and sustained service availability. These measures are part of the overall governance model used to deliver the platform securely and reliably.

#### Customer Data Ownership and Handling

**Customer ownership of customer data**

Customer information processed by EVE remains subject to controlled handling and authorized use. Reveald recognizes the importance of protecting customer-owned information and managing it under defined service and security principles.

**Controlled data handling lifecycle**

Where applicable, data handling considerations such as access, retention, use, review, and disposition may be addressed through the applicable commercial, contractual, implementation, and security review processes to align with customer requirements and regulatory expectations.

#### Security Architecture and Internal Protective Controls

**Protected service architecture**

EVE is supported by a security-focused service architecture intended to protect the platform, service components, and customer-related information. This includes protective measures designed to preserve confidentiality, integrity, availability, and secure service operations.

**Sensitive technical detail handling**

Because architecture-specific protections, infrastructure details, internal security controls, and operational defensive mechanisms are sensitive in nature, they are not fully disclosed in public-facing product documentation. This helps protect the service and its customers while still enabling appropriate assurance discussions through controlled channels.

#### Audit, Assessment, and Evidence Availability

**Service assurance evidence**

As part of Reveald’s service assurance approach, supporting information related to security practices, reviews, assessments, or operational controls may be available through the appropriate customer review process.

**Controlled disclosure of sensitive evidence**

Detailed evidence such as audit-related materials, vulnerability assessment outputs, architecture-related protections, infrastructure location details, incident-related records, or other security assurance artifacts may be shared when required as part of procurement, due diligence, risk assessment, or customer security review activities, subject to the appropriate confidentiality, contractual, and scope controls.

#### Confidentiality and Controlled Information Sharing

**Public documentation versus controlled disclosure**

Public documentation is intended to describe the service model, core protection principles, and general governance posture of EVE. However, certain operational, architectural, and assurance details are intentionally handled outside of open documentation because they contain sensitive information that should not be broadly disclosed.

**Disclosure through appropriate channels**

When customers require deeper security assurance, additional information may be coordinated directly with Reveald through the appropriate sales, technical, legal, or contractual channels and, where necessary, under confidentiality obligations.

#### Alignment with Security Good Practices

**Security-oriented operating model**

EVE is delivered under a security-focused operating model in which secure communications, controlled access, service governance, operational monitoring, data protection, incident handling, and evidence management are treated as core service principles.

**Support for customer assurance processes**

This approach allows organizations to assess EVE not only as a security validation platform, but also as a service delivered with privacy, governance, and operational assurance considerations in mind.

#### Additional Information

Further information regarding security controls, service governance, operational practices, architecture considerations, audit-related evidence, or compliance-supporting materials can be coordinated directly with Reveald through the appropriate customer engagement process and, where necessary, under confidentiality and contractual safeguards.

**Controlled availability of sensitive materials**

Certain security, architectural, audit, operational assurance, and infrastructure-related details are available upon request through Reveald and may be shared under appropriate confidentiality and contractual controls.

