As both a data controller and a data processor, we have put new measures in place to ensure our full compliance.
Here are the key activities we have completed recently to ensure full compliance:
- Appoint a DPO (Data Protection Officer)
- Evaluate our business to determine the areas impacted, and conduct an internal audit to ensure all third parties and suppliers are GDPR compliant
- Create a dedicated landing page to outline how we support GDPR compliance and the related activities
- Create a dedicated security and compliance page to outline how we secure customer data
webMOBI Infrastructure on AWS
webMOBI encrypts your data at rest, including event information and other personally identifiable metadata.
webMOBI is hosted in a Virtual Private Cloud with AWS. AWS follows top IT security standards, including SOC 2 Type II, SOC 3, PCI-DSS certification, and ISO 27001.
We use Amazon Inspector (https://aws.amazon.com/inspector/) to assess the compliance of applications deployed on AWS. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by severity. These findings are available in the Amazon Inspector console, which is shared with the security administrators weekly.
We use various internal and external tools that scan our systems and produce reports. Those reports are collated to identify patterns, and weekly updates and patches are then issued for the threats and vulnerabilities found.
These are all part of the reports generated for audited events by the tools listed in the previous responses, including Dome9, Amazon Inspector, and other monitoring services. We lock down all administrative services (SSH, RDP, MySQL) so that attackers cannot brute-force them or exploit a vulnerability in them. We open those services on demand only for a specific user, service, and time period, and we keep track of each opening via audit log reviews. We use Amazon GuardDuty for SIEM; more information is available at https://aws.amazon.com/blogs/security/tag/siem/
Protecting your data is of supreme importance and a relentless focus here at webMOBI.
- Data is backed up every day in our secure VPC database. For data backups, we use the AWS RDS service for regular backups and updates. Backups occur during a daily, user-configurable 30-minute period known as the backup window. More details are available here: https://aws.amazon.com/rds/details/backup/
- All access to the webMOBI website is via HTTPS-encrypted connections.
- webMOBI never stores credit card or payment details in our database; we use Stripe to ensure maximum security. Stripe is a PCI-certified auditor and is certified to PCI Service Provider Level, the most stringent level of certification available in the payments industry.
- User passwords are encrypted. We use 256-bit AES encryption in storage and 256-bit SSL/TLS encryption in transit.
webMOBI Employee Access
webMOBI only allows access on a need-to-know or need-to-restrict basis. We use Dome9 to restrict access to the production servers and to maintain audit logs of system access for all servers.
We employ encryption technologies to protect customer data in transit. We use SSL/TLS with a minimum TLS version of 1.2, and HTTP Strict Transport Security (HSTS) is enabled: only HTTPS connections from visitors that support TLS protocol version 1.2 or newer are allowed. For protection (encryption/hashing) of stored passwords and other sensitive data, we use SHA1 with salt and AES-256 with salt encryption for sensitive data, including passwords and tokens.
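As an added example (not webMOBI's own code or tooling), the following Python script checks the transport settings described above against a host you operate: it probes whether the server refuses TLS 1.0 and 1.1 handshakes and accepts TLS 1.2, and it parses the Strict-Transport-Security header to confirm HSTS is set with a max-age of at least one year. The host name is a placeholder, and the HSTS header values shown in comments are constructed.

```python
"""Check a site's transport settings: TLS 1.2 minimum and HSTS.

Added example, not webMOBI code. HOST is a placeholder for a host you operate.
"""
import socket
import ssl
from typing import Optional

HOST = "www.example.com"   # placeholder: replace with your own host name
ONE_YEAR = 31536000        # max-age most guidance (and the HSTS preload list) expects


def parse_hsts(header: Optional[str]) -> dict:
    """Split a Strict-Transport-Security value into its directives.

    Directive names are case-insensitive (RFC 6797), so they are lower-cased;
    valueless directives such as includeSubDomains map to True.
    Returns {} when the header is missing.
    Example (constructed): "max-age=31536000; includeSubDomains"
    """
    directives = {}
    for part in (header or "").split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or True
    return directives


def hsts_is_adequate(header: Optional[str]) -> bool:
    """True when HSTS is present with a numeric max-age of at least one year."""
    try:
        return int(parse_hsts(header).get("max-age", 0)) >= ONE_YEAR
    except (TypeError, ValueError):
        return False  # missing, empty or non-numeric max-age


def client_context(lo: ssl.TLSVersion, hi: ssl.TLSVersion) -> ssl.SSLContext:
    """Client context restricted to one TLS version range (certificate checks stay on)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = lo
    ctx.maximum_version = hi
    return ctx


def server_accepts(host: str, version: ssl.TLSVersion, port: int = 443) -> bool:
    """Attempt a handshake that allows exactly one protocol version.

    A False result can also mean the local OpenSSL refuses that version
    itself (common for TLS 1.0/1.1 on current distributions), so confirm
    a "rejected" result with a second client before reporting it.
    """
    try:
        ctx = client_context(version, version)
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        return False


def fetch_hsts_header(host: str, port: int = 443) -> Optional[str]:
    """Send a minimal HEAD request over TLS 1.2+ and return the HSTS value, if any."""
    ctx = client_context(ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    raw = b""
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            while b"\r\n\r\n" not in raw:   # read until the end of the headers
                chunk = tls.recv(4096)
                if not chunk:
                    break
                raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:   # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None


def audit(host: str) -> dict:
    """Report whether the host matches the stated policy (TLS >= 1.2, HSTS on)."""
    return {
        "tls1_0_rejected": not server_accepts(host, ssl.TLSVersion.TLSv1),
        "tls1_1_rejected": not server_accepts(host, ssl.TLSVersion.TLSv1_1),
        "tls1_2_accepted": server_accepts(host, ssl.TLSVersion.TLSv1_2),
        "hsts_adequate": hsts_is_adequate(fetch_hsts_header(host)),
    }


if __name__ == "__main__":
    for check, ok in audit(HOST).items():
        print(f"{check:18} {'PASS' if ok else 'FAIL'}")
```

Run it against your own host only; the network functions open real connections. The parsing and policy functions are pure, so they can be unit-tested offline, and the `audit` result is a plain dict that can be fed into whatever weekly report the scanning tools already produce.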
How do I report a security event?
To report an incident of suspected misuse or a security issue you have discovered, please contact email@example.com
- webMOBI will acknowledge your report, usually within one business day.
- A point of contact will be assigned who will keep track of the issue and keep you updated. Please note that the webMOBI contact may contact you to better understand the reported issue.
- We will examine the issue and determine its impact.
- In most situations, we will disclose the details of the issue once our investigation is complete.
- Once the problem has been resolved, we will post an update along with credit to the reporter.
Frequently Asked Questions
Does webMOBI have a data access agreement that can be signed?
As a data controller, you can refer to our updated Terms and Conditions, and we will send you a copy for approval.
Can you delete my data or answer other questions about my data?
Please email us at firstname.lastname@example.org if you would like to exercise your rights under GDPR. You can request that your data be removed, and you can ask for other information on how your data is used.
How is your data used?
Please refer to the Terms and Conditions for more information on how your data is used. You can contact us at email@example.com to ask any additional questions regarding how your data is used.
This policy is effective as of Jan 2020.
webMOBI 2020. All rights reserved.