Security

Enterprise-grade data protection keeps your data secure and meets your compliance requirements

Security—data, software, processing, and physical security—is a top priority at Mobile reCell. We are dedicated to ensuring adherence to industry standards with documented and transparent compliance.

AICPA SOC

Data Security

SOC 2

Mobile reCell has completed a SOC 2 Type 2 audit in accordance with AICPA standards. A current report and attestations of compliance are available upon request.

Privacy Notice

We are committed to protecting your data privacy. Information within our platform is stored and used as a portion of the services we provide—never sold externally. Read our full Privacy Notice on how we collect, use, and share information.

GDPR & CCPA

Mobile reCell recognizes protecting privacy requires a holistic security program. We are committed to meeting and upholding the principles of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). You can learn how Mobile reCell ensures GDPR and CCPA compliance in our Privacy Notice.

Endpoint Protection

Mobile reCell uses state-of-the-art anti-virus and anti-malware solutions as part of a suite of next-generation endpoint protection tools. Extended detection and response (EDR) is applied on all company-issued devices and cloud instances.

Software Security

Zero Trust Security Infrastructure

All programmatic requests and users—whether inside or outside Mobile reCell’s network—must be authenticated, authorized, and continuously validated for security configuration prior to being granted access to applications or data. 

Mobile reCell requires all user accounts to be centrally managed by its single sign-on (SSO) provider. Multi-factor authentication (MFA) is the default enforcement.

Servers & Networking

Mobile reCell’s software is cloud-native, resilient, and hosted on the Amazon AWS platform. Utilizing AWS allows Mobile reCell to leverage significant industry experience, ongoing investments in security best practices, and documented compliance to standards across geographies and verticals. 

Mobile reCell uses hardened builds for its application servers. No software runs with root privileges, and application and deployment accounts do not have access to the rest of the operating system or network beyond what is necessary.

Storage & Transit Encryption

Mobile reCell uses full-disk encryption as its standard on all company devices as well as cloud volumes and databases storing customer information.

As you would expect, we use banking-grade 128-bit AES Transport Layer Security (TLS) encryption on all transport links carrying customer information or controlling our infrastructure.

Isolated Environments

The Mobile reCell Platform uses industry-standard libraries and software engineering techniques to ensure logical data separation between clients’ datasets within the platform environment.

Coding & Testing Practices

To support its immutable infrastructure model, all Mobile reCell applications are built and deployed inside containers, ensuring code is not changed after it is deployed.

Mobile reCell does not alter any deployed systems. To ensure consistency and resilience of its infrastructure, Mobile reCell builds, tests, and promotes all containers and system images to a golden image before deployment. 

Mobile reCell has robust policies and implements processes to ensure it regularly performs essential maintenance activities such as patching software, taking data backups, and testing controls to safeguard functionality.

Mobile reCell employs various state-of-the-art tools and strategies to protect the integrity of its software. The supply chain pipeline includes static code analysis scanning against OWASP threat models and developer GPG signature requirements for verification. Automated testing is performed to ensure a resilient infrastructure.

System Monitoring & Alerting

The Mobile reCell platform provides high-quality assessments of weaknesses in internet-facing and internal systems. 

The production application and underlying infrastructure components are monitored by dedicated systems. Critical alerts generated by these systems are sent to on-call team members and escalated as necessary.

Service Levels & Backups

Mobile reCell actively updates and tests its disaster recovery strategy to ensure uptime and preserve service level agreements of the platform.

Mobile reCell performs regular, full backups of our customer and company information and stores it securely in a separate cloud zone. Backup restore procedures are tested bi-annually to ensure disaster recovery.

Governance & Responsibility

No amount of technical security controls is sufficient unless backed up by robust process and governance. Mobile reCell has a robust governance model in place which makes specific staff members responsible for information security in the organization, in line with the Center for Internet Security and ISO 27001 principles.

Employee Access

Mobile reCell provisions all accounts following the principle of least privilege. If an employee’s responsibilities do not require access, it is not granted. 

Employee access privileges are regularly reviewed to ensure as employee roles change over time, privileges are updated and in sync.

Every employee is vetted with third-party background checks for authentication purposes and to uncover criminal records. In addition, we follow up on character references during our interview process.

Asset Processing Data Destruction

Our primary processing partner is ISO-certified and utilizes vigorous data destruction tools adhering to NIST 800-88 standards. In addition, every IT asset processed is assigned a Certificate of Data Destruction enabling your company with a documented audit trail and secure chain of logistics.

Processing Security

Our third-party processing partner maintains the following certifications. If you have questions about a specific certification, please contact us to discuss it in detail.

e-Stewards

e-Stewards provides end-to-end accountability to prove that e-waste recycling is performed with core objectives of data security, health, and worker safety, responsible export practices, and zero use of prison labor, dumping, or incineration.

ISO 9001:2015

ISO 9001:2015 sets the criteria for a quality management system based on a number of principles including a strong customer focus, involvement of top management, process approach, and continual improvement.

ISO 14001:2015

ISO 14001:2015 sets the criteria for an environmental management system (EMS) and maps out a framework to follow in order to set up an effective EMS and ensure that environmental impact is measured and improved.

ISO 27001:2013

ISO 27001:2013 sets the criteria for an information security management system (ISMS) to help organizations manage the security of assets that process or store critical and private information on finances, intellectual property, employee details, and clients / third parties.

ISO 45001:2018

ISO 45001:2018 replaces ISO 18001 and is the new international standard for occupational health and safety management. It focuses on the occupational health and safety management system, monitoring occupational risks to workers, and offering resources and objectives to support the safety needs of employees.

R2 Responsible Recycling

R2 Responsible Recycling 2013 is an internationally-recognized certification that demonstrates our compliance with ITAD-industry standards for process, safety, and electronics repair and recycling practices.

See The Recovery Platform In Action

Let us show you how software can simplify your IT asset recovery and disposition.