Security

You are here because security matters to you. We know you need to be sure your service providers (like us) take security as seriously as you do. Below you'll find more information on how we ensure the safety of your data in MoreApp.

ISO 27001 Certification

ISO27001 is recognized as the premier information security management system (ISMS) standard worldwide. ISO27001 also leverages the comprehensive security controls detailed in ISO27002. The basis of this certification is the development and implementation of a security management program, including the development and implementation of an Information Security Management System (ISMS). This widely-recognized and widely-respected international security standard specifies that companies that attain certification also:

  • Systematically evaluate their information security risks, taking into account the impact of security threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls to address security risks
  • Implement an overarching audit and compliance management process to ensure that the controls meet their needs on an ongoing basis.

MoreApp received the ISO27001 certificate from Dekra on September 20, 2017.

Amazon Web Services

MoreApp runs on Amazon Web Services (AWS), the largest and most secure infrastructure provider on the planet. We ensure our great scalability and high availability by addressing the following:

  • Access to our webservers is heavily restricted
  • Servers are spread over multiple availability zones
  • Database servers are replicated and run regular off-site backups

Safety

Since we're constantly sending and receiving sensitive information, we need to make sure our Platform and App are as secure as possible. We make sure of this by attending to the following things:

  • SSL encrypted connections to and from our webservers
  • All passwords are safely stored after salting, hashing and applying strong encryption
  • All endpoints that expose sensitive data require authentication
  • HSTS to prevent downgrade attacks and cookie hijacking
  • DDoS protection
  • MITM-attack prevention
  • Intrusion Detection (OSSEC)

We also continuously check our system against the following:

  • Common Vulnerabilities and Exposures (CVE)
  • Security Best Practices
  • Center for Internet Security (CIS) Benchmarks
  • OWASP Top 10

Independent third-party audits

We use independent third parties to audit our practices against the most sought-after standards and regulations in the world. These reviews occur at least annually and are conducted by globally respected audit and security firms that are independent and thorough in their evaluations. We take their reports very seriously and have processes in place to address any issues that present risks to us or our customers.


External and internal application security testing
The fact that we have our Information Security Management System (ISMS) worked out right now doesn't mean it'll automatically stay that way. We need to keep making sure of this by testing our product and having ourselves audited by a certified third party.

  • We plan regular penetration tests
  • We plan a regular Security Risk Analysis
  • We meet in the monthly Avisi Security Council to discuss the latest trends, vulnerabilities and legal issues


Continuous Improvement
A critical part of any information security management program is the continual improvement of security and compliance programs, systems, and controls. MoreApp is committed to soliciting feedback from different internal teams, customers, internal and external auditors, and improving our security, privacy and compliance processes and controls over time.

People

Since our employees are working with sensitive data each and every day, we need to make sure they can be trusted. That's why:

  • All employees get a background check before we hire them
  • All employees are in possession of a Certificate of Conduct for handling sensitive information
  • We train our employees to make security the priority
  • We have 'employee termination' procedures in place
  • We only work on laptops with full disk encryption and a strict locking policy

MoreApp 2013 - 2017