Skip to content
Certifications

Independently audited, on the record.

Moweb holds current certifications for information security and engineering process. Every one is independently audited. Certificates and audit reports are available on request.

Company certifications

ISO 27001:2022 covers our information security. CMMI Level 3 covers our engineering process. Both are third-party audited. Both are renewed on schedule.

ISO 27001:2022 Certified

Independent audit of Moweb's information security management system. Covers policies, access control, incident response, third party risk, and business continuity. Recertified on a three year cycle with annual surveillance audits.

Standard
ISO/IEC 27001:2022
Issued by
Bureau Veritas Certification
Valid through
May 2027
Scope
Information security management for the design, development, and delivery of software services from Ahmedabad, Secaucus, London, and Dar es Salaam.
Request certificate copy

CMMI Level 3 Appraised

Independent SCAMPI appraisal at Maturity Level 3. Defined, standardized, and continuously improved engineering process across every practice. Covers project planning, requirements management, verification, validation, and process improvement.

Standard
CMMI-DEV v2.2
Issued by
SCAMPI Lead Appraiser, ISACA
Valid through
March 2028
Scope
Software engineering and delivery process across all Moweb offices.
Request certificate copy
Individual certifications

People certifications on every project.

Beyond company certifications, our engineers, project managers, business analysts, and cloud architects hold current professional certifications appropriate to their role.

PMP, PMI

PMP-certified Project Managers

Every project manager at Moweb holds a current PMP or is progressing toward it. We apply ten PMBOK knowledge areas on every engagement.

Issued by Project Management Institute. Renewed continuously.
CBAP, CCBA, ECBA

IIBA-certified Business Analysts

Business analysts on discovery sprints and requirements engagements hold current IIBA certifications aligned to their level.

Issued by International Institute of Business Analysis. Renewed continuously.
AWS SA-Pro, SA-Assoc

AWS Certified Solutions Architects

Cloud architects on modernization and product engineering hold current AWS certifications. Focus on well-architected multi-account design.

Issued by Amazon Web Services. Renewed continuously.
AWS DevOps Professional

AWS Certified DevOps Engineers

DevOps engineers running production infrastructure hold current AWS DevOps Professional certifications.

Issued by Amazon Web Services. Renewed continuously.
Security posture

Four controls we do not compromise on.

These are the controls buyers ask about first. They are enforced by tooling, not by policy. If you want the full control catalog we will share it under NDA.

Access is least privilege by default

Every internal system uses SSO with two-factor authentication. Access to client environments is time-boxed, logged, and reviewed monthly.

Change is reviewed, not free

Every code change goes through peer review, automated tests, and a documented merge. Emergency fixes are logged and reviewed after the fact.

People go through checks

Background checks on hire for all engineering and delivery roles. Annual security awareness training. Signed acceptable use policy.

Vendors go through checks

Third party risk review before any vendor gets access to client data. Vendors are re-reviewed annually. High-risk vendors go through independent audit.

Audit cadence

Ten years of independent certification history.

Our certifications are not a one-off. They have been renewed every year on a documented cadence since 2016. Here is the history you can verify.

  1. 2016

    First ISO 27001 certification (2013 revision).

  2. 2019

    Recertified to ISO 27001:2013. Scope extended to US office.

  3. 2020

    CMMI Level 3 appraisal completed. First cycle.

  4. 2022

    Recertified to ISO 27001:2022 revision. Scope extended to UK and Tanzania.

  5. 2024

    CMMI Level 3 reappraisal completed. Annual surveillance passed.

  6. 2026

    Annual surveillance audit passed. SOC 2 readiness assessment underway.

Common questions

Questions compliance teams ask about us.

Send anything not covered here through the contact form and we will route it to our Head of Security.

  • Yes. Send a request through the contact form and we will share the current certificate, issued by Bureau Veritas Certification, along with the statement of applicability. The certificate is valid through May 2027 and subject to annual surveillance audits.

Requesting artifacts

Need to share certificates with your compliance team.

Send a request through the contact form and mention which artifacts you need. Our Head of Security will respond inside one business day with certificates, statements of applicability, and any reference letters you need.

ISO 27001:2022
Information security
CMMI Level 3
Engineering process
1 business day reply
Senior engineer reads first