Mobilize maintains a Security and Compliance program committed to compliance with all laws, regulations, and ethical standards as they apply to the conduct of its business and its role as a Community Platform.
Employment is conditioned on pre-hire screening and background checks, and adherence to Mobilize’s security standards. Mobilize provides its employees with the tools they need to meet the requirements set forth in the laws and standards established by Mobilize. All employees are expected to comply with all laws, regulations, and Mobilize policies affecting business operations.
The Mobilize solution is a Software-as-a-Service (SaaS) based web and mobile application served from a hybrid cloud infrastructure. It is built using industry standard components which provide security and resiliency with minimum downtime. All connections within the application, between its components and stored credentials are protected via encryption and firewalls. Our API access is achieved through secure REST calls. All customer account data is isolated and protected from access by other multi-tenant accounts. All multi-tenant data is partitioned logically and isolated to prevent unauthorized access. All of our stored data is encrypted at rest and on transit.
We host our application in top-tier data centers located in the United States. These data centers implement the highest standards of security including:
Mobilize sends all mail with DomainKeys Identified Mail (DKIM) authentication. DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. This is an industry best practice to establish sender identity.
Mobilize implements and maintains controls on accessing our clients’ environments and data. This includes:
Personal data records are held in compliance with all applicable legal, regulatory and contractual requirements, including:
Mobilize offers SLAs for uptime and resolution times on customer requests for our Enterprise customers.
Backups and Redundancy
Mobilize uses a daily automatic backup protocol that is maintained with daily snapshots for recovery offsite for 30 days. Mobilize applies automatic high availability fail-over for data storage and network. Our infrastructure is redundant so there is a back-up component for all hardware that stores data. All network devices, including firewalls, load balancers, and switches are fully redundant and highly-available.
Mobilize’s Information Security team is responsible for managing vulnerabilities. The team scans for security threats using commercially developed tools, automated and manual penetration efforts, software security reviews, and external audits, and is responsible for tracking and following up on detected vulnerabilities.