Security Policy and Certifications

With many customers ranging from emerging entrepreneurs to established organizations using our services, a heavy responsibility for data security and compliance rests on our shoulders. We conform to global regulations to meet the privacy and security needs of our customers.


Product Security

We at Mobius follow the Agile mode of product development, wherein deliverables are released in patches and continuously integrated to meet both business demands and security agreements. Our DevOps team maintains industry-level development and security methodologies to mitigate any functional issues and vulnerabilities.

Physical Security

24x7x365 video surveillance: The Mobius office is under 24x7x365 video monitoring at both premises level and floor level to ensure that only authorized individuals access the building and the office.

2-factor biometric authentication: Only authorized personnel can enter Mobius workstations. Smart card readers and security guards are present at both premises level and floor level, which makes it impossible for any unauthorized person to enter. Significant locations like server rooms are accessible only to authorized individuals.

Visitor policy: Visitor policies are adhered to rigidly by all our employees. Our security guards are informed in advance about any visitors, and a proper letter has to be produced for them to enter the office. Any visitor is always accompanied by one of our employees, both inside the building and inside the office.

Business continuity: All data and applications are hosted on industry-leading Amazon Web Services, whose data centers have been thoroughly tested for security, availability, and business continuity. We have a round-the-clock power supply. Furthermore, alternate power systems are installed to maintain business continuity.

Safety measures: Water sprinklers, fire extinguishers, and fire alarms are placed at regular intervals to detect and reduce damage in the event of any natural disasters like fire and earthquake. Regular drills are conducted to keep employees aware of the evacuation procedures.

Network Security

Our network is kept up to date with the latest versions of firewalls and antivirus software to protect all internal and external communications and to detect and alert on any intrusions. Multi-factor authentication is always required to access any production systems. Logs are maintained and reviewed periodically to mitigate any incident. The NOC and SOC teams monitor the infrastructure 24x7 for stability, intrusions, and spam using a dedicated alert system. Our in-house IT team performs vulnerability tests and penetration tests every 90 days. All data transmission is done through Transport Layer Security (TLS) and Hyper Text Transfer Protocol Secure (HTTPS). We make sure no sensitive data values are stored in clear text.

Data Retention and Deletion

We retain customer-related data, using your personally identifying information (PII), for as long as your account is active or as per your request. We gather PII with your work mail ID and contact name when you sign up for our services. We do not disclose your information to anyone other than those described in our Privacy Policy. In addition, we may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Once your service agreement term ends, we delete all your data.

Customer Data Access

Our technical experts have access to sensitive customer data for effective development of the application. Access to customer data is provided over two-factor authentication and stored in a VPN using a public key. All access is logged, and no unauthorized person is allowed to obtain the customer data.

Security Certifications

ISO/IEC 27001 is the best-known standard for an information security management system (ISMS) and is awarded to organizations that comply with ISO's high international standards. Mobius has acquired ISO/IEC 27001:2013 certification for applications, systems, people, technology, and processes.

ISO 9001 is a standard for quality management systems (QMS) and is awarded to organizations that comply with the global standards. Mobius has acquired ISO 9001:2015 certification for products and services that meet customer requirements and assurance.

NIST is the National Institute of Standards and Technology, a bureau that promotes and maintains measurement standards. It ensures organizations develop and maintain applications according to industry standards. Mobius is NIST accredited.

SOC 2 is an auditing procedure that ensures service providers securely manage customer data to protect the interests of the organization and the privacy of its clients. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA's Trust Services Principles criteria. Mobius is SOC 2 Type II compliant.

For more information on our security policy and certifications, please contact security@mobiusservices.com.


Disclosure

If you believe you’ve discovered a bug in our security, please get in touch at security@mobiusservices.com, and we will get back to you within 24 hours, or earlier. We request that you not publicly disclose the issue until we have had a chance to address it.