Information security at Movate: Assessments and compliance

Ensuring information security and data privacy is paramount to Movate. All it takes is one incident, breach or person that can violate the trust of clients and damage the corporate reputation. Be it the data of business, employees or clients, robust policies and compliance vouch for Movate’s strong posture and commitment in this area of governance.

Let’s look at some of the assessments and where Movate stands in each of them.

ISO 27001:2013

What is it? ISO 27001:2013 aims to help organizations protect their information assets through a structured approach to managing sensitive data. It outlines requirements for establishing, implementing, maintaining, and continually improving Information Security Management Systems (ISMS) tailored to the organization’s needs.

Where does Movate stand?  Movate’s assessed and certified offices include:

• North America
  • Data Center in Utah, USA
  • Office in San Jose, CA, USA; facilities at Texas, USA
• APAC
  • Ambit IT Park: Ground floor, 6th, 9th, 10th floor; office at Shriram Gateway; and office at MEPZ in Chennai, India.
  • Victor & Voyager premises at Whitefield Road, Bengaluru, India.
  • Office at Sohini Tech Park in Hyderabad, India.
  • Facilities at Taguig City, Philippines – Asian Century Center (ACC) and Bonifacio Technology Center (BTC). And delivery center at East Gate Business Center, Antipolo.
  • Dalian in China.
• Africa
  • Office at Ebene in Mauritius
• Latin America
  • Costa Rica: offices at Technologiia Ultrapark in Heredia; Terra Campus Corporativo in Cartago.
  • Facilities at Barranquilla Atlántico, Colombia
• EU
  • Office at Wroclaw, Poland.

ISO 27001:2013 serves as a vital framework for organizations aiming to enhance their information security practices through systematic management and continuous improvement.

SOC 2 Type II

What is it? SOC 2 Type II is an auditing framework developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how well a service organization manages data to protect the privacy and interests of its clients. This type of report specifically assesses the effectiveness of an organization’s internal controls over a specified period, typically ranging from six months to a year.

Where does Movate stand? Movate completed the SOC 2 Type II audit conducted by an independent auditor. The SOC 2 Type II report demonstrates Movate capability, maturity and criteria for TRUST CONTROLS that comprise overall security, availability, and confidentiality to meet this SOC 2 Type II Trust Criteria. This significant achievement and certification reflect our commitment to maintaining the highest standards of security and CIA principles for our clients and stakeholders.

PCI DSS 4.0.1

What is it? PCI DSS 4.0.1 AOC, or the Attestation of Compliance for PCI DSS version 4.0.1, is a formal document that organizations use to affirm their compliance with the Payment Card Industry Data Security Standard (PCI DSS). This attestation serves as evidence that an organization has undergone a PCI DSS assessment and meets the necessary security requirements for handling sensitive cardholder data.

Where does Movate stand? Movate has achieved the Payment Card Industry Data Security Standard – PCI DSS 4.0.1 AOC certification. PCI DSS 4.0.1 was launched in June 2024, and only a few organizations, like Movate, have been certified with the most recent version in this category.

Colombia Personal Data Processing

What is it?  Colombia’s Personal Data Processing Regime is a comprehensive legal framework designed to safeguard individuals’ privacy rights while regulating how organizations handle personal information. It is governed primarily by the Personal Data Protection Statute (Law 1581 of 2012), which aims to protect individuals’ privacy and regulate the processing of personal data.

Where does Movate stand? Movate S.A.S, the Colombia entity complies with the “Colombia Personal Data Processing Regime” and is compliant with the “Colombia National Database Registration”. Movate Privacy Policy aligns with Personal Data Processing Regime in Colombia Law 1581, Privacy and Regulation.

---

Information security and cybersecurity training and awareness sessions are periodically conducted for Movators.

---

ICO

What is it? The Information Commissioner’s Office (ICO) is the UK’s independent authority responsible for upholding information rights, ensuring data protection, and regulating freedom of information. It operates as a non-departmental public body that reports directly to the UK Parliament and is sponsored by the Department for Science, Innovation and Technology.

Where does Movate stand? Movate UK Limited has successfully completed its fourth year of compliance with the Data Protection Act (ICO – The Information Commissioner’s Office, UK). By complying with the ICO’s guidance, Movate business ensure the integrity, confidentiality, and availability of sensitive information.

---

In an age of increasing cybersecurity threats, Movate recognizes the enormous responsibility to safeguard employees and stakeholders.

---

HIPAA

What is it? The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law enacted in 1996 to protect the privacy and security of individuals’ medical information. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, collectively known as “covered entities,” as well as their business associates.

Where does Movate stand? Movate has implemented administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of protected health information (PHI).  At Movate, HIPAA compliance is a continuous and ongoing process:

• Movate has HIPAA Policy that aligns with the requirements for privacy, security, and breach notification
• Movate has implemented all the applicable administrative, physical, and technical safeguard security controls and are being regularly monitored.
• Movate has comprehensive risk assessment that identifies all systems, processes, and personnel that handle PHI and ensures the evolving risks and regulatory requirements are addressed in a timely manner.

Movate has a dedicated compliance officer responsible for ensuring adherence to HIPAA regulations and to oversee training, risk assessments, and incident response.

GDPR

What is it? The General Data Protection Regulation (GDPR) is a comprehensive data privacy law enacted by the European Union (EU) that came into effect on May 25, 2018.  GDPR applies to all the organization, regardless of location, that processes the personal data of individuals within the EU.

Where does Movate stand? Movate is committed to ensuring information security and data privacy, including compliance with GDPR. Here are some key points about Movate’ s stance on data protection:

1. GDPR Compliance: Movate adheres to GDPR requirements, ensuring the protection of personal data for individuals within the EU.
2. Data Security Practices: Movate implements robust data security measures, including regular cybersecurity training and awareness sessions for employees.

All of Movate’s EU projects are in agreement with GDPR laws.

EU-US (DPF)

What is it? The EU-U.S. Data Privacy Framework (DPF) is a mechanism designed to facilitate the transfer of personal data from the European Union (EU) to the United States (U.S.) while ensuring adequate data protection. The DPF aims to provide a reliable mechanism for U.S. organizations to comply with EU data protection requirements when transferring personal data across the Atlantic

Where does Movate stand? Movate is committed to ensuring compliance with the EU-U.S. Data Privacy Framework (DPF).

Global Presence – Movate operates multiple offices worldwide, including the EU & other entities, which helps in maintaining compliance with various regional or local data protection regulations

*Note:  All information and updates as on the date of publishing this blog.

Contact us to know more.

About the author