Trust begins with security. Maxwell protects data with enterprise grade security, aiming to exceed industry standards when it comes to protecting you.
The security of your data, along with your borrowers’ personal and financial information, is of the utmost importance to Maxwell. We know it is to you, too. Maxwell’s approach to information security is multi-layered, ensuring robust access controls, monitoring and reporting, and infrastructure security. We are open and transparent with our security program, including reviews of our information security policies, third party code reviews and penetration tests, so mortgages lenders feel safe using our products.
Maxwell’s digital platform ensure security of data both at-rest and in-transit. Maxwell stores data encrypted at rest with AES-256, block-level storage encryption. This is the same technology that banks use to keep personal account information safe. All requests and responses, including website and API access, enforce Transport Level Security (TLS) using SSL.
Maxwell has secure and direct integrations with over 1,500 financial institutions, ensuring accurate and protected gathering of financial documents, bypassing unsecure email communication —protecting your borrowers and your organization from inaccurate or corrupted files. All information and documents uploaded, downloaded, or transmitted through Maxwell’s service are processed using secure data encryption as well as virus and malware checks.
The physical locations of Maxwell’s cloud partner data centers are guarded 24/7/365 by onsite security personnel and are SSAE16 SOC 2 Type II certified. Access requires multiple levels of authentication, including biometrics recognition procedures. The data centers have security cameras that monitor both the facility premises as well as each area of the data center internally.
Activity on each loan file is tracked alongside borrower communication in the activity feed and can be downloaded for every loan — ensuring accurate records for compliance or audit.
To further protect the information of the organization and your clients, Maxwell offers two-factor authentication and NIST password standards to be enabled across your team to further protect against unauthorized access.
Maxwell leverages the best cloud providers to protect your data. We have deep partnerships with recognized hosting and content management partners with ISO 27001 and SOC2 Type II certifications, along with FINRA and Safe Harbor approvals.
Box is a secure cloud storage platform used by Maxwell for document and file sharing. Learn more about Box’s Security standards here: Box Security
Amazon Web Services offers reliable, and scalable cloud computing services. Learn more about AWS’s Security standards here: AWS Security
Heroku is a platform as a service (PaaS) that enables our developers to build, run, and operate Maxwell entirely in the cloud.
Learn more about Heroku’s Security standards here: Heroku Security
We know our customers often need to validate compliance to trust a cloud service provider. In addition to making our policies and controls open to review, we work hard to get certifications and are currently in the process of achieving our own SOC2 certification.
We strive to adhere to widely accepted standards and regulations to keep you at ease. Our development team performs automated and manual application security testing and network vulnerability testing on an on-going basis to identify and patch potential security vulnerabilities and bugs on our applications. We also work with third-party security specialists to identify potential vulnerabilities.
We regularly test our code, environment, and controls using independent third-party advisors against the most sought-after standards and regulations. These reviews occur at least annually by respected security firms and we publish their reports and opinions for our customers as they become available. We take their reports very seriously and have processes in place to address any issues that present risks to us or our customers.
We hold our service partners to very high standards. Data centers, co-location and managed service providers undergo regular SOC1, SOC2 and/or ISO 27001 audits to verify their practices. Maxwell reviews the results of these audits at least annually as part of our vendor management program. In the event these audits have material findings which we determine present risks to Maxwell or our customers, we work with the service provider to understand any potential impact to customer data and track their remediation efforts until the issue has been resolved.
Compare packages and choose the plan that’s right for you