Security Policy
ORVISTA handles executive access requests, supporting materials, engagement correspondence, and written outputs within disciplined access and circulation boundaries. Security controls are designed to protect submitted materials while preserving ORVISTA’s role as a written, non-operational decision context practice.
Controlled access
Access is limited to authorized persons who require it for review, preparation, or delivery of the relevant written work.
Restricted circulation
Materials and outputs are circulated only within the intended scope and approved recipient set.
Secure handling
ORVISTA applies practical safeguards in storage, document handling, and internal review.
Direct oversight
Digital or AI-assisted support remains subject to direct internal review and responsibility.
Security approach
ORVISTA’s security approach is built around limited collection, controlled access, restricted circulation, and careful handling of submitted materials. Because ORVISTA’s role is limited to written decision context, information is not used for operational execution, representation, advocacy, negotiation, or unrelated commercial purposes.
Access control and limited circulation
Access to request materials, client correspondence, supporting documents, and engagement-related outputs is restricted to authorized persons who require access for review, preparation, or delivery of the relevant written work. Written outputs are prepared for the designated decision authority or approved leadership recipients, and are not circulated beyond the intended scope or applicable client agreement.
Data minimization
ORVISTA requests only the information needed to review an executive access request, assess scope alignment, and prepare agreed written decision context work. At the initial request stage, clients are encouraged to provide a clear but proportionate description of the matter and avoid submitting highly sensitive materials unless necessary.
Supporting materials and file handling
Supporting materials submitted through the website or during engagement review are used only to assess the matter, clarify scope, support internal review, or prepare agreed written outputs. Where a request does not proceed, materials may be retained only where necessary for review, records, legal compliance, or work-related protection, then deleted or archived according to internal handling practices.
Secure storage and document handling
Engagement-related materials are stored and handled with reasonable administrative, technical, and organizational safeguards appropriate to ORVISTA’s work. These safeguards may include restricted device access, controlled document storage, password protection, careful file naming, limited circulation, and separation of client materials from unrelated work.
Internal technology support
ORVISTA may use selected digital tools, including AI-assisted tools where appropriate, to support internal structuring, synthesis, drafting clarity, and preparation of written decision context under direct oversight. These tools do not replace analytical judgment, final review, or ORVISTA’s responsibility for the written output.
Third-party technical services
ORVISTA may rely on selected technical service providers to operate the website, receive official email, transmit forms, support technical security, maintain communications, or assist internal analytical work. When selecting or changing providers, ORVISTA considers confidentiality, necessity, access controls, and applicable requirements.
Incident handling
If ORVISTA becomes aware of unauthorized access, loss, misuse, or disclosure affecting client materials, ORVISTA will assess the nature and impact of the incident, take appropriate containment measures, and notify affected parties or competent authorities where required by applicable law or applicable obligation.
Retention and deletion
ORVISTA retains information only for as long as necessary to review requests, manage work correspondence, prepare agreed written work, comply with legal or contractual obligations, maintain records, or protect legitimate work-related interests. Further information on collection, use, retention, and related requests is addressed in the Privacy Policy.
Client responsibilities
Clients should avoid submitting unnecessary personal data, excessive internal documentation, or highly sensitive materials at the initial access request stage. Where sensitive supporting materials are necessary, clients should provide only what is relevant to the matter under review and identify any circulation restrictions or handling expectations.
Security contact
For security-related inquiries: contact@orvista.co