
Mobility Work CMMS security, privacy and compliance

As the first community-based platform for maintenance management, we at Mobility Work are committed to ensuring the security and confidentiality of our users’ data. Our team works daily to rigorously apply security best practices.

On this page you will find the policies, procedures and technologies we use to meet and exceed our customers’ requirements and standards.

Mobility Work has the chance to serve the needs of the most demanding customers, in terms of functionality, quality, support, but also security. In order to meet their expectations, but also to ensure a solid base of good practices and professionalism within the team, we have implemented, and continue to implement, a global security action plan for the company.

Morgane Guinot
CEO of Mobility Work

Our compliance program

ISO 27001 certified

Mobility Work (community-based and next-gen maintenance management platform) obtained ISO 27001 certification (granted by Bureau Veritas) in December 2020, attesting to the implementation of an effective information security management system.

21CFR11 compliant

Mobility Work CMMS offers an Audit Trail functionality (secure logs), compatible with the 21CFR11 standard of the American FDA, which defines the rules to follow for the traceability of electronic records and signatures.

GDPR compliant

Mobility Work complies with all regulatory and legislative provisions relating to the protection of personal data, and in particular all the GDPR provisions set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Data Use and Protection Policy

PCI compliant

The Mobility Work application is PCI compliant via our subcontractor Stripe (payment processor), which encrypts and stores credit card details.

Penetration test

Mobility Work has its platform tested by independent providers at least once a year.

Our customers and partners about ISO 27001 certification

The obtaining of the ISO 27001 certification by our partner Mobility Work is very important for us. It allows us to fully trust them for the treatment of our customers' personal data. Thus, Mobility Work respects the commitments of RS Components notably through a sufficiently robust information security management system. This certification guarantees the protection, the improvement and the performance of the information system; it is an essential asset to develop our partnership.

Karine Masson
GDPR Coordinator at RS Components France

Saint-Gobain considers cybersecurity a priority, especially since the company was hit by malware in 2017. Saint-Gobain does not require all of its partners to be ISO 27001 certified, but this certification is a sure sign of confidence and an assurance that we can work with Mobility Work with peace of mind. It also demonstrates Mobility Work's ability to set up a demanding infrastructure and processes in accordance with best practices. It also assures us that the Mobility Work teams carry out their developments with rigor and professionalism, thus decreasing the risks related to cybersecurity.

Edouard Verdurand
Digital Project Manager at Saint-Gobain


The security of your data is our main concern

How is the security of my data guaranteed?

All our customers’ data is stored on secure AWS (Amazon Web Services) cloud servers located in Paris.

Mobility Work applies two levels of security to your data. First, user requests are filtered by Cloudflare, a web application firewall (WAF) service specialized in securing websites and SaaS web applications. Second, the entire infrastructure of the Mobility Work application is isolated on a private network (DMZ), which protects it against possible malicious intrusions and regulates access according to a strict authorization matrix.

In addition, user data is encrypted in transit as soon as users connect to the Mobility Work server, and at rest when it is stored on the AWS server. Our development teams periodically rotate encryption keys, reducing the risk of a leak.

If you are subject to regulations requiring full traceability, Mobility Work offers an Audit Trail feature, which allows you to export log files on demand. This option logs all connection information (date, origin, connection duration, etc.) and user actions.

Is it possible to manage the privacy level of my data in the application?

Users choose what data they want to share with the community through the application. They have two levels of confidentiality at their disposal: private or public.

In the first case, the data entered on Mobility Work (equipment, tasks, documents, etc.) is only visible to the members of the user's own network (which is limited to their company or their whole group, depending on what they have decided). It cannot be seen by other users of the community.
However, Mobility Work will be able to aggregate and anonymize this data in order to analyze it and offer additional features to all its users.

In the second case, all this data is public, which means that all the users of the community can benefit from what other users enter in the application. Here, maintenance teams from other industries and companies can find your data through the community search and, for example, view the maintenance tasks performed on a specific piece of equipment to see if you are experiencing the same issues as them.

Is Mobility Work CMMS compliant with the FIPS 140-2 standard?

Yes, Mobility Work CMMS is compliant with FIPS 140-2, the standard established by the American government that sets the encryption and security requirements to be respected in the design of data-processing products intended to handle sensitive data. Our encryption methods are compliant with this standard, and our services are not available without authentication or authorization.

Does Mobility Work CMMS allow at-rest encryption of data?

Yes, both our data storage media and our data flows are encrypted, using encryption adapted to the technologies implemented.

Data hosting

Amazon Web Services

Mobility Work’s physical infrastructure is hosted and managed within Amazon’s secure data centers in Europe. Mobility Work leverages the platform’s built-in security, privacy and redundancy features. AWS continuously monitors its data centers and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited to: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).

Encryption

Data passing through Mobility Work is encrypted, both while in motion and at rest. All connections from the browser to the Mobility Work CMMS platform are encrypted in transit using TLS SHA-256 with RSA encryption. Mobility Work requires HTTPS for all its services. Mobility Work uses HSTS to ensure that browsers interact with Mobility Work only via HTTPS and is on the pre-loaded HSTS lists of both Google Chrome and Mozilla Firefox.

Safety and Compliance Programs

Reliability and redundancy

Business continuity and disaster recovery

We have put in place a Business Continuity Plan and a Disaster Recovery Plan to be prepared in case of unavailability or critical incidents. Each major incident is subject to a post-mortem and a communication to our customers.

Software development cycle

Routine checks

Mobility Work constantly monitors the product for possible service interruptions, performance degradations or security flaws, so that our engineers are alerted immediately and can take action when an incident is detected.

New releases

New releases of the Mobility Work platform are carefully reviewed and tested to ensure that we meet our availability commitments and deliver an exceptional customer experience. Changes to our code base are required to include unit testing, integration testing and end-to-end testing. All changes are tested in a dedicated environment as close as possible to our production environment to ensure stable deployments.

Quality assurance testing

Each modification is subjected to a manual testing procedure by a dedicated team, in agreement with our product team, in order to ensure the proper functioning and consistency of developments. For modifications qualified as major, regression tests are also performed, and exploratory tests are performed on an ad hoc basis.

Continuous monitoring

Each deployment in production is actively monitored, allowing us to be proactively alerted to possible regressions. Each regression is processed and qualified as part of the planning of a patch.

Vulnerability check

Vulnerability scanning

We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities via security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.

Penetration test

We have between one and two penetration tests carried out per year by an independent service provider (with a change of service provider every 3 years).

Resources and documents

Any questions?

Think you’ve found a security vulnerability? Do you have suggestions to help improve your data security? Do you need help filling out a security document, or have any other questions about our compliance program? Contact our team:
