Moody's RMS leverages AWS and Azure cloud platforms. Each of the vendors for these platforms has committed that its cloud platform meets major compliance standards, including SOC 1, 2, 3, ISO 27001/27017/27701, PCI DSS and Cloud Security Alliance (CSA). They attest to having security programs that cover fundamental aspects of security, including Physical and Environment Security, Business Continuity Management, Network Security, Access Controls, Account Management, Secure Design Principles, Change Management, Logging and Audit Capabilities, and Security Checks.
Layers of Security
Our Cloud [application] platform is built on isolated, private networks and uses multiple network controls such as container isolation, inbound/internal traffic restrictions, monitoring of traffic rates, sources and types at multiple network points. Our multi-tier architecture is designed to be scalable, resilient, and secure. The security layers include Web Application Firewall (WAF), network firewalls, DDoS protection, monitoring and alerting systems, and network isolation.
We have designed, architected, and built the platform to be resilient with redundancy, scalability, and failover capabilities designed to minimize downtime. Additionally, we host our services with our cloud-hosting partners that offer multiple levels of built-in redundancy and geographical distribution. We also have monitoring and alerting systems in place so our engineers can promptly and proactively respond to issues that could lead to service disruptions.