Security and privacy are at the core of planning and delivering our technology
goMoxie Cloud Services uses a multi-layered approach to protect our customers’ data and constantly monitors and improves applications, systems, and processes to meet the growing demands and challenges of security. goMoxie has earned the trust of our customers around the world.
Certifications
goMoxie takes information security very seriously, as is evidenced by our investments in ensuring the security of the data customers have entrusted to our care.
Data Security
goMoxie has extensive experience in delivering cloud services and a comprehensive understanding of the security implications of managing the cloud model while delivering a better service.
GDPR/CCPA Compliance
goMoxie is committed to supporting our customer’s GDPR and CCPA compliance efforts.
Applications
goMoxie endeavors to provide our customers with secure application services using industry leading practices. We are committed to having a comprehensive Secure Software Development Life Cycle.
Certifications
goMoxie takes information security very seriously, as is evidenced by our investments in technology, personnel and other resources dedicated to ensuring the security of the data customers have entrusted to our care.
ISO 27001
- goMoxie is ISO 27001-2013 certified providing customers industry leading standards for information risk and security management. View Our Certificate Here.
HIPAA through BAA (Business Associate Agreement)
- Customers from the healthcare industry need to comply with HIPAA. goMoxie provides a hosting environment that is suitable in helping our customers meet the requirements of HIPAA Business Associates (BA) compliance for encryption stored and transmitted data.
PCI DSS 3.2
- goMoxie is PCI DSS Level I certified and offers premium service options which comply with the Payment Card Industry’s Data Security Standard (PCI DSS) 3.2 for secure communication layers.
SSAE 16 SOC Type 2
- All data centers used to provide the goMoxie applications are fully compliant to SSAE 16 SOC Type 2 – reporting requirements defined by the American Institute of Certified Public Accountants (AICPA).
Data Security
The goMoxie team has extensive experience in delivering cloud services, and a comprehensive understanding of the security implications of managing the cloud model. Our Cloud services are designed to deliver better service and meet the highest standards of security.
Physical and Logical Access Controls to Data Centers
- Checkpoints for access
- 24x7x365 security guards and video surveillance
- Only authorized persons can access the data center
- Multi-factor authentication is required to access our customer production environments
- Logging and routinely monitoring access to the production environment
- Strong Security Architecture to prevent unauthorized access provides confidence in the safety of your data
- Access is granted on a least-privilege basis and is regularly reviewed to ensure only authorized users are allowed access
Data Centers
- goMoxie Cloud has multiple locations in both the United States and Europe. All data centers used to provide goMoxie application services meet SSAE 16 and ISO 27001 Security Standards, ensuring your data is in a safe and secure place.
Single Sign On
- goMoxie can support integration with a variety of identity solutions, including SAML
Disaster Recovery
- goMoxie Cloud Services has active disaster recovery data centers in the United States and Europe
- If you opt for goMoxie’s premium DR service, we provide a targeted RTO of 4 hrs and RPO of 2 hrs
- goMoxie conducts disaster recovery tests to verify projected recovery times and the integrity of customer data
Secure Transmission
- Connect to goMoxie Cloud Services using TLS 1.2 encryption
- A dedicated secure VPN is available for customers who need extra protection
- Dedicated MPLS networks are available
Prevention from Unauthorized Data Access
- Servers are “hardened” to reduce vulnerabilities
- High availability virtualization minimizes downtime and impact
- Intrusion Detection and Prevention Systems detect and prevent malicious behavior and notify goMoxie Cloud Services team
- Perimeter firewalls and edge routers block unused protocols
- Network segmentation is in place to increase the security of goMoxie’s network
- Regular risk assessment is performed to reduce information security risks and threats
- Logging, alerting, and monitoring are in place to identify and manage threats
- goMoxie has various methods of whitelisting our customers to meet specifications and needs
Internal and Third-party Testing and Assessments
- Code review and testing are performed to identify security bugs before release
- Application and network vulnerability threat assessments are performed to enable vulnerabilities to be addressed in a timely manner
- Penetration testing is performed to identify exploitable vulnerabilities are addressed in a timely manner
- goMoxie Security Control Framework is established and quarterly self-assessments are performed to confirm controls are operating effectively
- Regular internal and external audits are performed to identify issues and improve security controls
Backups
- All backups are done to industry leading backup technology
- Daily differential and weekly full backup are performed
- The backups are encrypted and stored remotely
Anti-Virus and Patching
- goMoxie runs anti-virus software to protect against malicious acts
- Devices are regularly patched against known security vulnerabilities and operate at a patch level that is supported by the vendor
GDPR and CCPA Compliance
goMoxie is committed to supporting our customer’s GDPR and CCPA compliance efforts.
The General Data Protection Regulation (GDPR) helps protect and ensure the privacy rights of European Union (EU) citizens. The GDPR replaces the 1995 Data Protection Directive and aims to harmonize data privacy laws across Europe, while expanding the rights and empowerment of individuals in regard to the control of their personal information.
The California Consumer Privacy Act (CCPA) provides California residents with a right to be informed of the categories of personal information that a business collects or otherwise receives, sells or discloses about them.
Current Status
goMoxie takes information security very seriously, as is evidenced by our investments in technology, personnel and other resources dedicated to ensuring the security of the data customers entrust to our care. You can find out more about our certifications here.
goMoxie’s security practices, controls and accreditations enable goMoxie and its services to meet the requirements of GDPR and CCPA. As part of goMoxie’s own GDPR and CCPA compliance efforts, we have taken the following actions:
- Conducted internal privacy assessments and data mapping to determine how our applications, models and resources utilize and process personal information;
- Analyzed goMoxie’s data security standards and processes and updating them as necessary to ensure they comply with GDPR and CCPA requirements;
- Built processes, if not already existing, to execute data subject requests and rights in an expedient and accurate manner;
- Adopted customer contract terms, as necessary, to comply with GDPR and CCPA concepts and requirements;
- Updated our contacts, notices, and other relevant information to ensure data subjects and controllers (customers) can contact us as necessary with respect to GDPR and CCPA covered matters;
- Updated our incident management controls and processes to satisfy the GDPR and CCPA requirements for breach handling and notification; and
- Reviewed our contracts with sub-processors and ensure they meet the requirements imposed by GDPR and CCPA.
goMoxie continues to monitor the guidance issued by governing regulatory bodies to ensure that we remain abreast with the most recent developments pertaining to GDPR and CCPA.
Secure Application Development
goMoxie endeavors to provide our customers with secure application services that provide leading customer experiences. As part of this process, goMoxie is committed to having a comprehensive SSDLC (Secure Software Development Life Cycle). Software application development is based on industry best practices including OWASP Top 10 and PCI DSS. goMoxie incorporates information security throughout the software development life cycle.
Characteristics
- Vulnerability tests are performed using industry standard 3rd-party tools
- Code Analyses are completed at various stages to uncover security vulnerabilities. Code reviews are performed at various stages in the development life cycle including peer reviews and automatic code analysis using various tools.
- Training & Awareness: All development staff are required to maintain a level of competency in current secure development techniques.