Mobileye is committed to protecting the data and privacy of our customers, users and employees. We believe that trust in our ability to ensure the security of all data is crucial to our mission of developing life-saving technologies.
Therefore, Mobileye has established robust enterprise-grade cybersecurity and data protection frameworks, led by our Chief Information Security Officer (CISO) and Data Protection Officer (DPO).
Mobileye has obtained the following certifications:
This means that we are running compliance frameworks that reflect the highest industry standards, attesting to a mature cybersecurity and data protection policy which undergoes continuous improvement.
This page outlines the key technical and organizational measures Mobileye has implemented to achieve high levels of security, privacy, and regulatory compliance.
To the extent permissible by applicable local law and company regulations, all Mobileye employees, contract workers, interns, contingent workers, and other entities acting on behalf of Mobileye, are screened during their pre-onboarding process. During Mobileye’s onboarding process, all new employees receive training in the areas of security and privacy.
After successful onboarding, Mobileye requires all employees to regularly update their knowledge in this area by taking security awareness trainings, which further emphasizes the importance of the use of standard security measures.
Mobileye has implemented various controls to ensure that:
External companies, partners, or third-party entities are subject to security and privacy risk assessments and are contractually required to implement measures to protect Mobileye's sensitive materials and to adhere to committed service level agreements. Suppliers and data processors are also required to commit that their sub-contractors or sub-processors adhere to Mobileye-defined security standards as well.
Logical access to Mobileye systems and information assets is granted by asset owners and operational teams in a controlled manner, based on need-to-know (NTK) and least privilege (POLP) security principles.
High-standard hardware and software access control mechanisms are in place to support the procedural access control processes.
Mobileye's operational and production environments, as well as it's and offices are protected by physical security measures and strict standardized access control processes.
Among others, these include:
Mobileye's Secure Software Development Lifecycle incorporates security into our controlled CI/CD pipelines, including Security and Privacy by Design through threat modeling, Secure coding analysis and validation; and vulnerability testing.
Mobileye's developers undergo periodic software development security training to keep them up to date on emerging threats, industry standards, and best practices.
These processes allow us to quickly detect vulnerabilities and potential risks, which are mitigated according to SLAs reflecting high industry standards.
Mobileye is committed to maintaining the security of our systems and our customers’ information. Along with continuous security monitoring efforts, we encourage security researchers to report any potential vulnerabilities discovered in our products, systems, or services.
If you believe you have found a security vulnerability in a Mobileye asset or product, please inform us as quickly as possible through the contact form below, or email us at email@example.com You may encrypt sensitive information using our PGP public keys.
Please provide as much information as possible, including:
Mobileye is committed to providing continuous and uninterrupted service to all of its customers.
Mobileye also maintains a corporate resilience framework addressing security objectives, including incident response, crisis management, business continuity, and disaster recovery.
Implemented measures are based on a business impact analysis and utilize risk management methodologies. These cover on-premises and cloud-based services alike.
Mobileye maintains compliance frameworks to meet legal, regulatory, and contractual requirements and specifications that may impact information security, privacy, and protection of personally identifiable information.
Mobileye's robust Cyber Security and Privacy programs have been audited and accredited by the relevant TISAX labels for security and data protection, governed by the ENX Association on behalf of the German VDA, as well as several ISO standards.
In addition, independent reviews of information security are carried out periodically on designated systems and networks by external specialist security firms.
To learn more about privacy and your information, you can read our full privacy notice.