Security Policy

You are here because security matters to you. We know you need to be sure your service providers (like us) take security as seriously as you do. Below you'll find more information on how we ensure the safety of your data in MoreApp.

ISO 27001 Certification

ISO27001 is recognized as the premier information security management system (ISMS) standard worldwide. ISO27001 also leverages the comprehensive security controls detailed in ISO27002. The basis of this certification is the development and implementation of a security management program, including the development and implementation of an Information Security Management System (ISMS). This widely-recognized and widely-respected international security standard specifies that companies that attain certification also:

  • Systematically evaluate their information security risks, taking into account the impact of security threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls to address security risks
  • Implement an overarching audit and compliance management process to ensure that the controls meet their needs on an ongoing basis.

MoreApp received the ISO27001 certificate from Dekra in September 2017.

Data Center

MoreApp runs on Google Cloud Platform with a data center located in Eemshaven, The Netherlands, an efficient data center that runs on 100% renewable energy, mostly from Dutch wind. We ensure great scalability, high availability and security by addressing the following:

  • Access to our webservers is heavily restricted
  • Servers are spread over multiple availability zones
  • Database servers are replicated and run regular off-site backups
Safety

Since we're constantly sending and receiving sensitive information, we need to make sure our Platform and App are as secure as possible. We make sure of this by attending to the following things:

  • SSL encrypted connections to and from our webservers
  • All passwords are safely stored after salting, hashing and applying strong encryption
  • All endpoints that expose sensitive data require authentication
  • HSTS to prevent downgrade attacks and cookie hijacking
  • DDoS protection
  • MITM-attack prevention
  • Intrusion Detection (OSSEC)

We also continuously check our system against the following:

  • Common Vulnerabilities and Exposures (CVE)
  • Security Best Practices
  • Center for Internet Security (CIS) Benchmarks
  • OWASP Top 10
Independent third-party audits

We use independent third parties to audit our practices against the most sought-after standards and regulations in the world. These reviews occur at least annually and are conducted by globally-respected audit and security firms that are independent and thorough in their evaluations. We take their reports very seriously and have processes in place to address any issues that present risks to us or our customers.


External and internal application security testing
The fact that we have our Information Security Management System (ISMS) worked out right now doesn't mean it'll automatically stay that way. We need to keep making sure of this by testing our product and having ourselves audited by a certified third party.

  • We plan regular penetration tests
  • We plan regular Security Risk Analyses
  • We meet in the monthly Avisi Security Council to discuss the latest trends, vulnerabilities and legal issues


Continuous Improvement
A critical part of any information security management program is the continual improvement of security and compliance programs, systems, and controls. MoreApp is committed to soliciting feedback from different internal teams, customers, internal and external auditors, and improving our security, privacy and compliance processes and controls over time.

People

Since our employees are working with sensitive data each and every day, we need to make sure they can be trusted. That's why:

  • All employees get a background check before we hire them
  • All employees are in possession of a Certificate of Conduct for handling sensitive information
  • We train our employees to make security the priority
  • We have 'employee termination' procedures in place
  • We only work on laptops with full disk encryption and a vicious locking policy
Data Processing Addendum

We highly value privacy and the protection of your personal data. Therefore, we have put forward a Data Processing Addendum, tailored to our products and services. In the Data Processing Addendum, we mutually agree on how we process personal data on your behalf and how we protect the personal data that you process.

The Data Processing Addendum is added as an appendix to our License Agreement.

MoreApp 2013 - 2019