Security at Morta.
Our product, application, and infrastructure offer best-in-class security and meet compliance standards.
Product security
Morta offers enterprise-grade product security features for more control, visibility, and flexibility.
Authentication options include Google, Microsoft, and email+password with 2-factor.
Access controls on hubs, documents and trackers.
Audit APIs let hub administrators obtain audit logs. Audit events can be viewed within hub settings.
We use TLS 1.3 for data in transit encryption, and AES-256 for data at rest encryption.
Application security
Morta's security commitment starts with processes, tooling and practices to continuously design and develop secure software.
Our secure development lifecycle program integrates into every phase of our software development process which includes annual security trainings, threat modeling, and static code analysis tools.
Infrastructure security
Morta is built from the ground up using Google Cloud Platform (GCP) security best practices.
Morta is built with well-established security principles, including defense in depth, least privileges, and attack surface area reduction.
Morta follows Google Cloud Platform (GCP) best practices for network security.
We employ multi-factor authentication, RBAC, and just-in-time access for secure service management. We also log audit events and monitor all infrastructure layers for security threats.
Compliance
Morta has measures in place to help you meet your compliance obligations.
Cyber Essentials is a UK Government-backed certification scheme that helps keep data safe from cyber attacks.
Download certificate