Today no SaaS provider can claim to have a customer-focused mindset if they do not have strong and transparent security and privacy programs.
In 2020, we first achieved our SOC 2 Type II certification. The SOC 2 Type II has become an industry standard for SaaS providers. This report establishes that an AICPA-certified auditor has reviewed and verified the controls Mosyle has in place to protect the confidentiality, integrity, and availability of your data.
For more information about our SOC 2 Type II certification, please use the Support Area inside your Mosyle Business account to open a ticket and our team will help you.
• All customer data is stored in the United States within Azure.
• All customer data is encrypted at rest.
• All client communications to the environment are encrypted with TLS.
• Data for the Mosyle Manager and Mosyle Business products are stored independently.
• Verified controls are in place to prevent data contamination between customers.
• Mosyle systems are protected within multiple availability zones, and the disaster recovery procedures are tested at least annually.
• Mosyle follows a strict change management policy covering our endpoints, infrastructure, and software code base.
• We perform nightly static code analysis.
• All software development adheres to our strict multistage review process leveraging both static and manual code reviews.
• The structured employee on-boarding process involves background checks, reference checks, and interviews with relevant Mosyle employees.
• All Mosyle employees have a defined reporting structure and are managed in accordance with the policies and procedures.
• Customer approval is required to access individual customer accounts.
• All employee access to the client environment is restricted to trusted machines.
• All employee authentication is multi-factor.
• All Mosyle employees go through regular security awareness training and testing.
• All Mosyle employees have reviewed and accepted all relevant policies and procedures.
• We are continuously evaluating our systems against recognized benchmarks and standards such as NIST and CIS.
• We perform regular vulnerability scanning.
• We monitor our systems for any anomalies in performance, availability, or integrity.
If you believe you have discovered a security flaw, please contact us at firstname.lastname@example.org. We support responsible disclosure. We request that you give us the industry-accepted 90 days to reproduce and remediate any validated issues so we can continue to protect our customers' data.