Data Security Policy

MotaWord consistently works with a range of highly security-sensitive clients in the finance, insurance, and legal sectors. This experience means we know how to overcome the challenges in protecting our clients’ data.

Confidentiality
MotaWord ensures all data is handled confidentially by using secure transition methods with no unauthenticated access to your data, therefore fully meeting the needs of our clients and satisfying all local laws and regulations. We operate with a Cybersecurity Incident Response Plan.

Awareness
We are continuously improving our security measures and procedures and we communicate any changes in these areas to our employees and contractors regularly.

Secure ordering at MotaWord
MotaWord runs in ISO 27001 certified data centers. All communication with the platform and servers is protected with 256 bit SSL encryption. Access to your content is protected with our roles-based permission system. MotaWord does not store credit card information. If you choose to save your credit card with MotaWord, the credit card number and other details are stored in the PCI-compliant Stripe payment processing application.

MotaWord (Company) maintains a formalized information security policy to comply with various regulatory and business requirements. This security policy protects all sensitive and confidential data stored, accessed, or transmitted by our software platform, including its applications, components, infrastructure, and underlying code.

The Company has designed a risk assessment program to assess the organization’s enterprise-level risk at least annually or upon significant changes to the environment. This program is designed to identify and assess threats to and vulnerabilities in systems and in service.

The Company takes responsibility for implementing appropriate technical and organizational safeguards to ensure the protection of sensitive information. Employees of the Company are required to read and accept the terms of a confidentiality agreement upon hire that states they are prohibited from disclosing any company data from the systems and system components to which they have access.

The Company maintains strict control access to restrict private information to privileged users. These users are required to abide by their assigned responsibilities related to their elevated access.

The Company has established a Data Handling, Retention, and Disposal Program to manage information in accordance with applicable laws, regulations, policies, and standards. This program establishes a formal data retention schedule and implements a data classification standard to ensure the confidential data is secured.

The Company retains sensitive and confidential data only for as long as necessary to fulfill its purposes unless otherwise required by law or to meet legal and client contractual obligations.

The Company segments its network to prevent direct or unauthorized connections between an external network and its information systems, in particular confidential data in cloud environments.

The Company maintains a vulnerability management program to ensure the confidentiality, integrity, and availability (CIA) of the organization’s information systems landscape, which includes all critical system resources. The program includes internal and external scans, penetration testing, and issue remediation for the purposes of identifying, detecting, classifying, prioritizing, remediating, validating, and continuously monitoring vulnerabilities.

The Company conducts independent third-party penetration tests at least annually on any systems with Confidential data or with a critical risk rating to identify security vulnerabilities.