Least privilege access
Access to systems is granted based on business need and job responsibility. Administrative access is limited to approved personnel and reviewed periodically.
Security
Security at Mason
Security is built into how Mason delivers, manages, and supports connected device deployments.
Mason America, Inc. maintains a security program designed to protect customer data, company systems, employee devices, and production environments.
Mason is currently in the process of obtaining SOC 2 Type I certification.
Our security approach
Mason’s security program is designed around practical controls that protect customer data, company systems, employee devices, and production environments.
Defense in depth
Mason uses layered security controls across identity, endpoints, infrastructure, vendors, and operational processes to reduce risk.
Secure operations
Systems and procedures are reviewed to ensure they remain appropriate as Mason’s products, operations, and customer needs evolve.
Accountability
Security responsibilities are assigned to internal owners and reviewed through compliance, access review, and vendor management processes.
How Mason protects customer data
Mason uses administrative, technical, and organizational safeguards to protect customer and company data.
Data protection
Customer information is used only for legitimate business purposes, including device deployment, support, order management, billing, and customer operations.
Identity and access management
Mason uses centralized identity and access management tools to manage employee access based on role, job responsibility, and business need.
Endpoint and device security
Corporate devices are centrally managed using mobile device management tools, with configuration standards and endpoint protection where appropriate.
Infrastructure and monitoring
Mason uses monitoring, alerting, and operational tools to help identify issues affecting company systems and services.
Access reviews
Access is removed or updated when users change roles, leave the company, or no longer require access to a system.
Administrative controls
Administrative access is restricted to approved users and reviewed as part of Mason’s security and compliance program.
Secure business operations
Mason maintains internal procedures to support secure software, vendor oversight, employee security practices, and incident response.
Secure development and change management
Mason follows internal procedures for developing, reviewing, testing, and deploying software and operational systems. Changes to production systems are reviewed and managed by authorized personnel.
Vendor security
Mason reviews vendors based on the type of data they access and the role they play in operations. For vendors that process sensitive data or support critical business functions, Mason reviews available security documentation.
Incident response
Mason maintains procedures for identifying, escalating, investigating, and responding to security incidents. Where required, Mason notifies affected parties in accordance with contractual, legal, and regulatory obligations.
Employee security practices
Mason employees are expected to follow company security policies, protect company and customer data, use approved tools, protect credentials, and report suspected security concerns.
Compliance and trust
Mason is currently in the process of obtaining SOC 2 Type I certification. Our compliance program is managed through Vanta and includes controls related to access management, vendor review, endpoint security, data protection, policies, personnel procedures, and security monitoring.
Privacy
Mason maintains a public Privacy Policy that describes how we collect, use, and protect personal information. View Privacy Policy.
Vendor review
Mason reviews SOC 2 reports, bridge letters, security questionnaires, privacy documentation, and trust center materials for relevant vendors.
Ongoing monitoring
Mason reviews security and compliance controls as part of ongoing efforts to protect customer data and company systems.
Contact Mason Security
For security questions, compliance inquiries, or responsible disclosure, contact the Mason security team.