Security Measures and Compliance Practices

Security Measures

Our security posture is built on robust and proven practices:

• Secure Development Lifecycle (SDLC): We follow a formalized SDLC to ensure secure coding and application development practices.

• Personnel Security: All staff adhere to industry best practices to safeguard access to sensitive information.

• Configuration & Change Management: All system changes are managed under a strict configuration and change management policy, with full monitoring and audit tracking.

Compliance Standards

We rely on leading cloud infrastructure providers — IONOS, Microsoft Azure, and Amazon AWS — all of which meet or exceed industry compliance standards:

• SOC (System and Organization Controls)

• ISO 27001

• PCI DSS

These certifications provide a secure and compliant foundation for Momentum AMP operations.

Data Handling

The confidentiality and integrity of your data are our top priorities.

• All data is hosted, stored, and processed within the secure infrastructure of IONOS, Microsoft Azure, and Amazon AWS.

• Our providers comply with global data privacy regulations and apply stringent controls to ensure data protection at every stage.

Incident Response

In the event of a security incident, we have a well-defined incident response plan in place. This includes immediate identification, reporting, resolution, and communication of the incident. Our response is further reinforced by the incident management frameworks of our infrastructure partners.

Certifications

Our infrastructure providers undergo regular third-party audits to maintain compliance with:

• SOC

• ISO 27001

• PCI DSS

In addition, Momentum AMP is actively pursuing SOC 2 compliance, further demonstrating our commitment to maintaining rigorous operational and security controls.