Mobileye Security & Compliance

Mobileye is committed to protecting the data and privacy of our customers, users and employees. We believe that trust in our ability to ensure the security of all data is crucial to our mission of developing life-saving technologies.

Therefore, Mobileye has established robust enterprise-grade cybersecurity and data protection frameworks, led by our Chief Information Security Officer (CISO) and Data Protection Officer (DPO).

Mobileye has obtained the following certifications:

  • TISAX Cybersecurity and Data Protection labels administered by ENX
  • ISO27001 (Information Security Management Standard)
  • ISO27017 (Information Security Management for Cloud Services)
  • ISO27701 (Privacy Information Management Standard)
  • ISO9001:2015 (Quality Management System)
  • ISO/IEC 17025:2017 (Competence of testing and calibration laboratories)

This means that we are running compliance frameworks that reflect the highest industry standards, attesting to a mature cybersecurity and data protection policy which undergoes continuous improvement.

This page outlines the key technical and organizational measures Mobileye has implemented to achieve high levels of security, privacy, and regulatory compliance.

To the extent permissible by applicable local law and company regulations, all Mobileye employees, contract workers, interns, contingent workers, and other entities acting on behalf of Mobileye, are screened during their pre-onboarding process. During Mobileye’s onboarding process, all new employees receive training in the areas of security and privacy.

After successful onboarding, Mobileye requires all employees to regularly update their knowledge in this area by taking security awareness training, which further emphasizes the importance of using standard security measures.

Mobileye has implemented various controls to ensure that:

  • All information is secure,
  • Information processing facilities are operated securely,
  • Systems are protected from malware and loss of data, and
  • Security events are recorded appropriately.

Protecting sensitive data through its various stages (at rest, in transit, and even during actual usage) is imperative for ensuring confidentiality, data privacy, adherence to compliance demands, and enforcement of data sovereignty.

Data protection relies heavily on encryption. Mobileye implements data-at-rest encryption protections for data assets where appropriate to mitigate risks such as physical access, unauthorized access, privacy breaches, and data loss.

Furthermore, our infrastructure is protected by multiple layers of defense mechanisms:

  • Firewalls control access to permitted network resources
  • Web Application Firewalls (WAF) and proxy services provide content-based filtering
  • Load-balancers protect against distributed denial of service (DDoS) attacks.
  • A robust stack of security tools is deployed on all hosts and end-points.
  • A 24/7 Security Operations Center monitors and responds to security incidents.

External companies, partners, or third-party entities are subject to security and privacy risk assessments and are contractually required to implement measures to protect Mobileye's sensitive materials and to adhere to committed service level agreements. Suppliers and data processors are also required to commit that their sub-contractors or sub-processors adhere to Mobileye-defined security standards.

Logical access to Mobileye systems and information assets is granted by asset owners and operational teams in a controlled manner, based on need-to-know (NTK) and least privilege (POLP) security principles.

High-standard hardware and software access control mechanisms are in place to support the procedural access control processes.

Mobileye's operational and production environments, as well as its offices, are protected by physical security measures and strict standardized access control processes.

Among others, these include:

  • Employee-badged access control
  • Trained security guards
  • CCTV coverage of ingress/egress points
  • Definition of secure zones with additional access restrictions

Mobileye's Secure Software Development Lifecycle incorporates security into our controlled CI/CD pipelines, including Security and Privacy by Design through threat modeling, secure coding analysis and validation, and vulnerability testing.

Mobileye's developers undergo periodic software development security training to keep them up to date on emerging threats, industry standards, and best practices.

These processes allow us to quickly detect vulnerabilities and potential risks, which are mitigated according to SLAs reflecting high industry standards.

Mobileye is committed to maintaining the security of our systems and our customers’ information. Along with continuous security monitoring efforts, we encourage security researchers to report any potential vulnerabilities discovered in our products, systems, or services.

If you believe you have found a security vulnerability in a Mobileye asset or product, please inform us as quickly as possible through the contact form below, or email us at secure@mobileye.com. You may encrypt sensitive information using our PGP public keys.

Please provide as much information as possible, including:

  • The product and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Mobileye security team will review your e-mail and contact you to collaborate on resolving the issue.

Mobileye does not allow public disclosure of any identified vulnerabilities. All reports are reviewed and addressed in a timely manner.

Mobileye is committed to providing continuous and uninterrupted service to all of its customers.

Mobileye also maintains a corporate resilience framework addressing security objectives, including incident response, crisis management, business continuity, and disaster recovery.

Implemented measures are based on a business impact analysis and utilize risk management methodologies. These cover on-premises and cloud-based services alike.

Mobileye maintains compliance frameworks to meet legal, regulatory, and contractual requirements and specifications that may impact information security, privacy, and protection of personally identifiable information.

Mobileye's robust Cyber Security and Privacy programs have been audited and accredited by the relevant TISAX labels for security and data protection, governed by the ENX Association on behalf of the German VDA, as well as several ISO standards.

In addition, independent reviews of information security are carried out periodically on designated systems and networks by external specialist security firms.

To learn more about privacy and your information, you can read our full privacy notice.