Automotive Data since 1903

MOTOR’s Data Governance

MOTOR is dedicated to not only supplying the most accurate, timely and comprehensive automotive data to its customers, but also to maintaining the security of the data entrusted to us by vehicle manufacturers. As such, we prioritize cybersecurity as well as physical protection of this data’s usage and storage. To honor this commitment, we diligently review and update our methods to remain current with the various threats that arise with the evolution of technology.

Secure Operations
Security is among MOTOR’s top priorities, with a comprehensive set of standards in place to maintain the confidentiality of data along the operational line.

  • MOTOR builds separate development, testing and production environments, with these duties divided across departments to ensure data access is limited to appropriate employees. Only Production Administrators may access the production environment to mitigate the risk of unauthorized changes in production.
  • Changes are managed using formal, standardized control methods, including quality assurance testing, release approval and rollback procedures. Automated deployments using orchestration tools mitigate the risk of issues with deployment processes.
  • Application and server monitoring alert IT Operations staff to issues in the production environment for a quick response.
  • Standard cybersecurity measures are taken, including firewalls, IP filtering, antivirus, public/private key encryption and separate networks.

Access Control
Documents, files and data elements are stored and protected in a secure, web-based environment, with access restricted to approved employees and users.

  • Applications and data are hosted by Amazon Web Services or Microsoft Azure in a virtual, private cloud infrastructure, with data stored in the United States.
  • Our network is protected by strong controls, which require encrypted credentials and complex passwords updated at set intervals. Each employee is given a unique identification within the network, with multifactor authentication required for most access. Logs are kept for all activity, and inactive sessions expire at pre-determined intervals.
  • Information is encrypted in transit via TLS. Status is available at status.motor.com.

Compliance
MOTOR maintains multiple policies for physical, intellectual and cybersecurity of data.

  • Employees are bound by corporate confidentiality policies; likewise, vendors, contracting firms and independent contractors all have confidentiality terms within their agreements.
  • Though MOTOR rarely stores Personally Identifiable Information (PII), we maintain PCI compliance, including regular vulnerability scans.
  • All policies are documented, with documented controls in place to protect against specific risks.
  • Employees, who all receive annual information security training, are required to scan an individually assigned badge before entering our office, which is also equipped with video recording and silent alarms.
  • Visitors must use identification badges and be personally escorted at all times.
  • Any equipment removal requires express permission.

Business Continuity
MOTOR’s documented Business Continuity and Disaster Recovery program addresses information security requirements.

  • These practices are exercised at regular intervals for Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
  • Secure backups, which are regularly tested, protect from data loss.

No results found.