Security & Compliance

Architecture, Security and Compliance

Mobilize maintains a Security and Compliance program committed to compliance with all laws, regulations, and ethical standards as they apply to the conduct of its business and its role as a Community Platform.

Employment

Employment is conditioned on pre-hire screening and background checks, and adherence to Mobilize’s security standards. Mobilize provides its employees with the tools they need to meet the requirements set forth in the laws and standards established by Mobilize. All employees are expected to comply with all laws, regulations, and Mobilize policies affecting business operations.

Architecture

The Mobilize solution is a Software-as-a-Service (SaaS) based web and mobile application served from a hybrid cloud infrastructure. It is built using industry standard components which provide security and resiliency with minimum downtime. All connections within the application, between its components and stored credentials are protected via encryption and firewalls. Our API access is achieved through secure REST calls. All customer account data is isolated and protected from access by other multi-tenant accounts. All multi-tenant data is partitioned logically and isolated to prevent unauthorized access. All of our stored data is encrypted at rest and on transit.

Compliance Levels

ISO 27001
ISO 27018

Data Centers

We host our application in top-tier data centers located in the United States. These data centers implement the highest standards of security including:

Maintaining accepted security certifications such as ISO 27001, SSAE 16/SAS 70 or similarly recognized standards
On-site security personnel
Security camera monitoring and intrusion detection
Redundant HVAC (Heating Ventilation Air Conditioning) units to ensure that temperature and humidity remain consistent
Monitoring, alerting and suppression systems in the event of smoke, fire, water or similar threats
Back-up power with immediate failover
Distributed Denial of Service (DDoS) mitigation services

Email Authentication

Mobilize sends all mail with DomainKeys Identified Mail (DKIM) authentication. DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. This is an industry best practice to establish sender identity.

Administrative Controls

Mobilize implements and maintains controls on accessing our clients’ environments and data. This includes:

Limited access to customer data to authorized personnel only and according to documented processes
Logging and tracking access to our SaaS servers to enable auditing
Ensuring that all employees who are provided access have passed extensive background checks, as per above
Mobilize clients designate which of their employees have access to their instance of Mobilize. Customers can designate permission levels based on log-in credentials. By default, only the administrator has full access to all controls and content within Mobilize.

Personal Data

Personal data records are held in compliance with all applicable legal, regulatory and contractual requirements, including:

Personal data records are not held for any longer than required.
Certain personal data records are processed and retained by Mobilize solely on behalf
of its customers in Mobilize’s capacity as their Data Processor.
The protection of personal data records in terms of their confidentiality, integrity and availability is in accordance with their sensitivity and relevant business objectives and requirements (and among other things, in accordance with Mobilize’s contractual commitments under a Data Processing Agreement).

Once such records are no longer necessary or relevant, Mobilize fully anonymizes or deletes them.
This policy is subject to a regular review process carried out under the guidance of Mobilize’s Data Protection Officer.

GDPR

The European Union’s General Data Protection Regulation (GDPR) was designed to maintain consistent data privacy laws across Europe, delivering a right to privacy and the protection of personal data. It introduces broad-ranging requirements for data protection, security, and compliance. Mobilize complies with all GDPR standards, and our platform and services allow our clients to be GDPR compliant as well. In addition, Mobilize maintains a strict Privacy Policy and Data Processing Agreement.

SLAs

Mobilize offers SLAs for uptime and resolution times on customer requests for our Enterprise customers.

Backups and Redundancy

Mobilize uses a daily automatic backup protocol that is maintained with daily snapshots for recovery offsite for 30 days. Mobilize applies automatic high availability fail-over for data storage and network. Our infrastructure is redundant so there is a back-up component for all hardware that stores data. All network devices, including firewalls, load balancers, and switches are fully redundant and highly-available.

Vulnerability Management

Mobilize’s Information Security team is responsible for managing vulnerabilities. The team scans for security threats using commercially developed tools, automated and manual penetration efforts, software security reviews, and external audits, and is responsible for tracking and following up on detected vulnerabilities.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

We focus on solutions for:

Associations

Professional Networks

Direct Sales Orgs

Nonprofits

What can we help you get done?

Activate Your People

Drive Engagement

Gain Intelligence

Accelerate Growth

Improve Retention

Mobilize resources:

Resource Center

Blog

Mobilizers Community

Support

Customer Reviews