Security & Compliance

At MoneyForward i, we take security & compliance seriously and know how important it is in today’s increasingly globalized and digitalized world of SaaS applications. Our customers’ security concerns are of paramount importance to us, which is why we ensure that your data in Admina (previously known as IT Management Cloud) is protected locally and on our servers through our strict security protocols. We follow the industry standard in security & compliance and are constantly applying better protocols to protect you and your data.

Admina also achieved SOC2 compliance, which reflects our unwavering commitment to security, data protection, and transparency in our operations.


Application Security

MoneyForward i adheres to industry and international standards in cybersecurity protocol. 

Encryption

All user credentials used for integration with SaaS services are encrypted using AES-256 (Advanced Encryption Standard) encryption before getting saved to our database. Credentials for each integration and each organization in our system are encrypted using different encryption keys. The keys are managed by Amazon Web Services Key Management Service (AWS KMS), which has its own hardware-level safety measures to protect encryption keys. We went a step further to isolate the credential database from the rest of the application database, allowing for stricter security control.

Role-Based Access Control (RBAC)

ITMC is built with front-end and back-end API separately. API access is restricted through member and admin scopes; the organization administrators can customize permissions for every account registered in ITMC. After a user requests access to the API server, the server will ensure that the authenticated user has the proper scope to invoke the API and grant them access. Only users with admin-level permission are allowed access to the settings and other administrative functions, such as payments.

Audit Logs

All SaaS app connections and de-provisioning actions are recorded in the system for auditing purposes. Audit logs for the last three months are stored in the ITMC database, which users can freely access through the application.

SAML & MFA Authentication

ITMC utilizes SAML authentication to allow for the implementation of Single Sign-On (SSO) so that customers can set their own access rules, such as multi-factor authentication (MFA).

Data & Infrastructure Integrity

Secure Infrastructure Provider

ITMC uses AWS to manage all infrastructure resources, including the compute layer, database, and messaging service. Amazon maintains and demonstrates SSAE-16 SOC 1, 2, and 3; ISO 27001; and FedRAMP/FISMA reports and certifications. Our platform’s infrastructure is located on servers in secure data centers.

The ITMC infrastructure is split between the web system and the system that keeps user-sensitive data for stricter control. We allow for no inbound public access to the latter.

Data Encryption

All data sent to or from ITMC is encrypted using TLS, and all customer data is encrypted at rest by AWS Aurora and AWS DynamoDB.

Data Redundancy and System Resiliency

The ITMC infrastructure is designed to be fault-tolerant. All databases operate in cluster configurations, with auto-scaling when applicable. This provides additional redundancy and resiliency to customer data.

 Strict Access Controls

Access to all ITMC systems is managed through our identity provider Azure AD, which automates user provisioning, enforces two-factor authentication (2FA), and logs all activity. Only limited members have access to the production environment.

If you have any security concerns, please reach out to our team at security@i.moneyforward.com so that we can address them promptly.