Independently audited, on the record.
Moweb holds current certifications for information security and engineering process. Every one is independently audited. Certificates and audit reports are available on request.
Two independent audits that matter most.
ISO 27001:2022 covers our information security. CMMI Level 3 covers our engineering process. Both are third-party audited. Both are renewed on schedule.
ISO 27001:2022 Certified
Independent audit of Moweb's information security management system. Covers policies, access control, incident response, third party risk, and business continuity. Recertified on a three year cycle with annual surveillance audits.
- Standard
- ISO/IEC 27001:2022
- Issued by
- Bureau Veritas Certification
- Valid through
- May 2027
- Scope
- Information security management for the design, development, and delivery of software services from Ahmedabad, Secaucus, London, and Dar es Salaam.
CMMI Level 3 Appraised
Independent SCAMPI appraisal at Maturity Level 3. Defined, standardized, and continuously improved engineering process across every practice. Covers project planning, requirements management, verification, validation, and process improvement.
- Standard
- CMMI-DEV v2.2
- Issued by
- SCAMPI Lead Appraiser, ISACA
- Valid through
- March 2028
- Scope
- Software engineering and delivery process across all Moweb offices.
People certifications on every project.
Beyond company certifications, our engineers, project managers, business analysts, and cloud architects hold current professional certifications appropriate to their role.
PMP-certified Project Managers
Every project manager at Moweb holds a current PMP or is progressing toward it. We apply ten PMBOK knowledge areas on every engagement.
IIBA-certified Business Analysts
Business analysts on discovery sprints and requirements engagements hold current IIBA certifications aligned to their level.
AWS Certified Solutions Architects
Cloud architects on modernization and product engineering hold current AWS certifications. Focus on well-architected multi-account design.
AWS Certified DevOps Engineers
DevOps engineers running production infrastructure hold current AWS DevOps Professional certifications.
Four controls we do not compromise on.
These are the controls buyers ask about first. They are enforced by tooling, not by policy. If you want the full control catalog we will share it under NDA.
Access is least privilege by default
Every internal system uses SSO with two-factor authentication. Access to client environments is time-boxed, logged, and reviewed monthly.
Change is reviewed, not free
Every code change goes through peer review, automated tests, and a documented merge. Emergency fixes are logged and reviewed after the fact.
People go through checks
Background checks on hire for all engineering and delivery roles. Annual security awareness training. Signed acceptable use policy.
Vendors go through checks
Third party risk review before any vendor gets access to client data. Vendors are re-reviewed annually. High-risk vendors go through independent audit.
Ten years of independent certification history.
Our certifications are not a one-off. They have been renewed every year on a documented cadence since 2016. Here is the history you can verify.
- 2016
First ISO 27001 certification (2013 revision).
- 2019
Recertified to ISO 27001:2013. Scope extended to US office.
- 2020
CMMI Level 3 appraisal completed. First cycle.
- 2022
Recertified to ISO 27001:2022 revision. Scope extended to UK and Tanzania.
- 2024
CMMI Level 3 reappraisal completed. Annual surveillance passed.
- 2026
Annual surveillance audit passed. SOC 2 readiness assessment underway.
Questions compliance teams ask about us.
Send anything not covered here through the contact form and we will route it to our Head of Security.
Yes. Send a request through the contact form and we will share the current certificate, issued by Bureau Veritas Certification, along with the statement of applicability. The certificate is valid through May 2027 and subject to annual surveillance audits.
Need to share certificates with your compliance team.
Send a request through the contact form and mention which artifacts you need. Our Head of Security will respond inside one business day with certificates, statements of applicability, and any reference letters you need.