Security & Privacy

Today no SaaS provider can claim to have a customer-focused mindset if they do not have strong and transparent security and privacy programs.

Data Privacy

Data Privacy

We take the privacy of our customers extremely seriously and we will never sell any customer information or share it in any manner different than described on Mosyle Manager Privacy Policy.

For detailed information about how Mosyle handles your data, refer to Mosyle Manager Privacy Policy.

GDPR

Mosyle is compliant with GDPR. For information about how Mosyle handles your data, refer to Mosyle Manager Privacy Policy and Mosyle Manager Terms of Service.

Security

SOC2 Type II

In 2020, we first achieved our SOC 2 Type II certification. The SOC 2 Type II has become an industry standard for SaaS providers. This report establishes that an AICPA certified auditor has reviewed and verified the controls Mosyle has in place to protect the confidentiality, integrity, and availability of your data.
For more information about our SOC2 Type II certification, please use the Support Area inside your Mosyle Manager account to open a ticket and our team will help you.

Data Controls

• All customer data is stored in the United States within Azure.
• All customer data is encrypted at rest.
• All client communications to the environment are encrypted with TLS.
• Data for the Mosyle Manager and Mosyle Manager products are stored independently.
• Verified controls are in place to prevent data contamination between customers.
• Mosyle systems are protected within multiple availability zones, and the disaster recovery procedures are tested at least annually.

Software Controls

• Mosyle follows a strict change management policy covering our endpoints, infrastructure, and software code base.
• We perform nightly static code analysis.
• All software development adheres to our strict multistage review process leveraging both static and manual code reviews.

Staff Controls

• The structured employee on-boarding process involves background checks, reference checks, and interviews with relevant Mosyle employees.
• All Mosyle employees have a defined reporting structure and are managed in accordance with the policies and procedures.
• Customer approval is required to access individual customer accounts.
• All employee access to the client environment is restricted to trusted machines.
• All employee authentication is multi-factor.
• All Mosyle employees go through regular security awareness training and testing.
• All Mosyle employees have reviewed and accepted all relevant policies and procedures.

Other Controls

• We are continuously evaluating our systems against recognized benchmarks and standards such as NIST and CIS.
• We perform regular vulnerability scanning.
• We monitor our systems for any anomalies in performance, availability, or integrity.

Report a Security Concern

If you believe you have discovered a security flaw, please contact us at security@mosyle.com. We support responsible disclosure. We request that you provide us the industry accepted 90 days to reproduce and remediate any validated issues so we can continue to protect our customers data.