Certifications and uptime
MobileIron products and services have been validated against the following set of security standards and certifications. For certain certifications or qualifications, MobileIron leverages independent third-party evaluators to ensure all security requirements are met.
SOC 2 Type II
As part of our commitment to trust and security, MobileIron has successfully completed a SOC 2 Type 2 assessment (formerly known as SAS 70). As part of the SOC 2 assessment, the operational and security processes of MobileIron Cloud was reviewed by an independent certified public accounting firm. The detailed results of this stringent process are available upon request - simply contact your sales representative.
MobileIron Cloud platform received FedRAMP Authority to Operate (ATO) from the United States Postal Service. The FedRAMP Agency ATO recognizes that MobileIron Cloud has passed the federal risk management process defining standard security requirements for all cloud providers.
FIPS 140-2 affirmation letters
FIPS 140-2 is a NIST standard for cryptography and it's utilization. This standard is recognized by many governments and public sector organizations including the US federal government.
Common Criteria Certification
MobileIron became the first UEM provider to receive Common Criteria certification against Version 3.0 of the Mobile Device Management Protection Profile (MDMPP v3.0 and MDMPP Agent v3.0) from the National Information Assurance Partnership (NIAP). MDMPP v3.0 describes security requirements for Mobile Device Management (MDM) products that allow enterprises to apply security policies to mobile devices. MDMPP Agent v3.0 describes security requirements for MDM Agents to address a range of security threats including theft of sensitive data, unauthorized access to malicious applications, network attacks, network eavesdropping, and physical access.
EU-US Privacy Shield
The EU-US Privacy Framework was developed by the US Department of Commerce and the European Commission to provide a legal transfer mechanism for the transfer of personal data from the European Union to the United States. The framework also provides EU citizens greater transparency with respect to the personal data collected by US organizations as well as an enhanced mechanism for resolving privacy disputes.
The MobileIron Core platform has received Security Technical Implementation Guide (STIG) approval from the Defense Information Systems Agency (DISA). This approval allows U.S. Department of Defense (DoD) agencies to deploy MobileIron on both Android and iOS devices within certain DoD networks.
CSA STAR (Cloud Security Alliance) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. STAR certification provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings.
NSA/CSS's Commercial Solutions for Classified (CSfC) Program has been established to enable commercial products to be used in layered solutions protecting classified NSS data. This will provide the ability to securely communicate based on commercial standards in a solution that can be fielded in months, not years.
Trusted Information Security Assessment Exchange (TISAX) is used by European automotive companies to provide a common information security assessment for internal assessments, the evaluation of suppliers, and as an information exchange mechanism.
MobileIron takes threats to the availability, integrity, and confidentiality of our clients' information seriously. As such, MobileIron is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization. ISO/IEC 27001:2013 is an information security management system standard published in October 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This certification demonstrates MobileIron’s continued commitment to information security at every level and ensures that the security of data and information has been addressed, implemented, and properly controlled in our organization.
|Oct - 20||100%||100%||100%||100%||100%||100%|
|Sept - 20||100%||100%||99.94%||100%||100%||100%|
|Aug - 20||100%||100%||99.94%||100%||100%||100%|
|July - 20||100%||100%||100%||100%||100%||100%|
|Jun - 20||100%||99.99%||100%||100%||100%||100%|
|May - 20||100.00%||99.99%||100.00%||100.00%||100.00%||100.00%|
|Apr - 20||100%||99.96%||100%||100%||100%||100%|
|Mar - 20||100%||100%||100%||100%||100%||99.92%|
|Feb - 20||100%||99.90%||100%||99.97%||99.97%||100%|
|Jan - 20||100%||99.91%||100%||100%||100%||100%|
|Dec - 19||100.00%||99.96%||100.00%||100.00%||100.00%||99.99%|
|Nov - 19||99.95%||99.97%||100%||99.86%||100%||100%|
At a minimum, MobileIron Cloud will be available at the Service Level Commitment specified in your contract with MobileIron. This Service Level Commitment excludes scheduled maintenance, or extensions of scheduled maintenance, where MobileIron publishes/notifies customers in advance that MobileIron Cloud will be unavailable. Release updates are categorized as scheduled maintenance.