




Mobility Work has the chance to serve the needs of the most demanding customers, in terms of functionality, quality, support, but also security. In order to meet their expectations, but also to ensure a solid base of good practices and professionalism within the team, we have implemented, and continue to implement, a global security action plan for the company.

Morgane Guinot
ISO 27001 certified
21CFR11 compliant
GDPR compliant
PCI compliant
Penetration test

The obtaining of the ISO 27001 certification by our partner Mobility Work is very important for us. It allows us to fully trust them for the treatment of our customers' personal data. Thus, Mobility Work respects the commitments of RS Components notably through a sufficiently robust information security management system. This certification guarantees the protection, the improvement and the performance of the information system, it is an essential asset to develop our partnership.

Karine Masson
Saint-Gobain considers cybersecurity a priority, especially since the company was hit by malware in 2017. Saint-Gobain does not require all of its partners to be ISO 27001 certified, but this certification is a sure sign of confidence and an assurance that we can work with Mobility Work with peace of mind. It also demonstrates Mobility Work's ability to set up a demanding infrastructure and processes in accordance with best practices. It also assures us that the Mobility Work teams carry out their developments with rigor and professionalism, thus decreasing the risks related to the cybersecurity.

Edouard Verdurand


Data hosting |
|
Amazon Web Services | Mobility Work’s physical infrastructure is hosted and managed within Amazon’s secure data centers in Europe. Mobility Work leverages the platform’s built-in security, privacy and redundancy features. AWS continuously monitors its data centers and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited to: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (formerly SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX). |
Encryption | Data passing through Mobility Work is encrypted, both while in motion and at rest. All connections from the browser to the Mobility Work CMMS platform are encrypted in transit using TLS SHA-256 with RSA encryption. Mobility Work requires HTTPS for all its services. Mobility Work uses HSTS to ensure that browsers interact with Mobility Work only via HTTPS and is on the pre-loaded HSTS lists of both Google Chrome and Mozilla Firefox. |
Safety and Compliance Programs |
|
Reliability and redundancy |
|
Business continuity and disaster recovery | We have put in place a Business Continuity Plan and a Disaster Recovery Plan to be prepared in case of unavailability or critical incidents. Each major incident is subject to a post-mortem and a communication to our customers. |
Software development cycle |
|
Routine checks | Mobility Work constantly monitors the product for possible service interruptions (monitoring), performance degradations or security flaws to immediately draw the attention of our engineers and take action when an incident is detected. https://status.mobility-work.com |
New releases | New releases of the Mobility Work platform are carefully reviewed and tested to ensure that we meet our availability commitments and deliver an exceptional customer experience. Changes to our code base are required to include unit testing, integration testing and end-to-end testing. All changes are tested in a dedicated environment as close as possible to our production environment to ensure stable deployments. |
Quality assurance testing | Each modification is subjected to a manual testing procedure by a dedicated team in agreement with our product team in order to ensure the proper functioning and consistency of developments. In the case of modifications qualified as major, regression tests are also performed, and exploratory tests are performed on an ad hoc basis. |
Continuous monitoring | Each deployment in production is actively monitored, allowing us to be proactively alerted to possible regressions. Each regression is processed and qualified as part of the planning of a patch. |
Vulnerability check |
|
Vulnerability scanning | We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities via security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies. |
Penetration test | We have between one and two penetration tests carried out per year by an independent service provider (with a change of service provider every 3 years). |