Skip to content

Mochadocs Technical Information Center

 

Last update: March 3, 2026

 

Helpfull information for your technical relationship with Mochadocs. 

If you have any questions, reach to your Mochadocs representative at:

+31 85 400 4800

Mochadocs General Support in Files

Mochadocs Technical Information Center

 

We've gathered all the administrative and financial information you need in one convenient location, offering you a brief overview below of the contents of each section. While we may offer documents in languages other than English for ease of reference, please note that the English version is the authoritative text that governs our relationship. Any translated versions are offered solely for convenience and should not be considered as altering or overriding the English text.

 


 

 

Security Information

 

Security Information

 

Security within Mochadocs Contract Lifecycle Management (CLM) is designed from a technical foundation. The platform is built to protect contract data through layered security controls, secure architecture, and continuous monitoring across the full application lifecycle.  

 

ISO 27001 Certification

 

Mochadocs is certified against ISO/IEC 27001. This certification confirms that we operate a formal Information Security Management System (ISMS), which includes:

  • Risk assessment and risk treatment processes

  • Defined security policies and procedures

  • Internal and external audits

  • Management oversight and review

  • Continuous improvement mechanisms 
      

The ISMS covers organizational, technical, and operational security controls. 

 

Platform Architecture

 

Mochadocs is built on a secure, cloud-native architecture designed for scalability and isolation.

Key principles include:

  • Logical data separation between tenants
  • Secure API-based communication between services
  • Network segmentation and restricted internal access
  • Hardened infrastructure environments following industry best practices

All environments are configured using controlled deployment pipelines to reduce configuration risks and human error.

 

Data Protection

 

Data protection is implemented at multiple technical layers:

  • Encryption in transit using TLS protocols
  • Encryption at rest using industry-standard encryption mechanisms
  • Secure key management practices
  • Database access restricted through controlled service authentication

 

Sensitive contract data is never exposed directly to public-facing components.

 

Identity and Access Control

 

Mochadocs applies strict authentication and authorization controls:

  • Role-Based Access Control (RBAC)
  • Granular permission management at user and contract level
  • Secure authentication flows
  • Enterprise Single Sign-On (SSO) is supported via standard protocols (SAML 2.0 / OpenID Connect). 
  • Multi-factor authentication (MFA) is enforced for privileged accounts. 
  • Customers may integrate their own identity provider to centrally manage authentication policies and user lifecycle management. 
  • Session management and access validation mechanisms

 

All access requests are validated before data is processed or displayed.

 

 

Application Security

 

Security is embedded into the development lifecycle.

Technical safeguards include:

  • Secure software development practices
  • Code reviews and controlled release processes
  • Dependency and vulnerability monitoring
  • Input validation and protection against common web vulnerabilities
  • Regular security patching and updates

 

The platform is continuously improved to mitigate emerging threats.

 

Monitoring and Auditability

 

Mochadocs maintains full system visibility through logging and monitoring:

  • Centralized logging of system activities
  • Audit trails for user actions and contract changes
  • Real-time monitoring of platform health and anomalies
  • Alerting mechanisms for suspicious behavior

 

This enables traceability and supports audit and compliance requirements.

 

Availability and Resilience

 

The platform is designed for operational continuity:

  • Redundant infrastructure components
  • Automated backups and restore procedures
  • Disaster recovery strategies
  • High-availability infrastructure configuration

 

Systems are monitored continuously to ensure stable performance and uptime.

 

Compliance and Security Governance

 

Technical security controls support organizational compliance requirements:

  • GDPR-aligned data handling principles
  • Controlled data processing workflows
  • Access traceability for audits
  • Documented security procedures and governance controls

 

Security Across the CLM Lifecycle

 

Security controls apply consistently across all Mochadocs CLM components:

  • CREATE — controlled template management and secure document generation
  • SIGN — protected digital signing workflows and integrity validation
  • MANAGE — secure storage, lifecycle tracking, and audit-ready contract management

 

Mochadocs delivers a technically secure environment for managing contracts from creation through long-term management within a single platform.

SSO Information

Option one

 

Hybrid Model (SSO + External Authentication)

 

In this model:

  • Users within the customers domain authenticate via Single Sign-On (SSO).

  • External users (outside the customers domain) are authenticated through Mochadocs’ native authentication mechanism

 

Option two

 

Fully Federated Model (SSO Only)


In this model:

  • Only users within the customers' approved domain are permitted access.

  • The creation of external (non-domain) accounts is disabled.

  • All authentication requests are routed exclusively through the corporate Identity Service / Identity Security Domain Platform (ISDP).

Security Considerations


Both authentication models:

 

  • Enforce strong authentication controls.

  • Apply role-based authorization within Mochadocs.

  • Log and monitor authentication events.

  • Align with ISO 27001 access control requirements.

The choice between these models depends on the desired level of identity 

centralization and whether external users must be supported within the platform

 

Datacenters Information

Information

 

Datacenters

 

Mochadocs Contract Lifecycle Management (CLM) is fully hosted in data centers located within the European Economic Area (E.E.A.).

 

This means that all data processed in Mochadocs Create, Mochadocs Sign, and Mochadocs Manage is physically stored and handled within the E.E.A. As a result, we comply with applicable European laws and regulations on privacy and data protection, including the GDPR.

 

By choosing E.E.A. data centers, we ensure:

  • Data storage within E.E.A.
  • Strict compliance with European privacy legislation
  • High availability and security standards
  • Full control over where your contract data is located

 

For organizations working with sensitive contract information, this is essential. With Mochadocs CLM, you can be confident that your contracts are managed securely, compliantly, and within European borders.

Location

 

Datacenter 1: UpCloud Datacenters 

Datacenter: NL-AMS1

Location: Amsterdam

Cessnalaan 50, Schiphol-Rijk 1119 NL, The Netherland

  • ISO 22301 Security and resilience
  • ISO 27001 Information security management
  • SOC 1 Type II Internal controls related to financial reporting
  • SOC 2 Type II Data security and privacy
  • PCI-DSS Information security

Data center 2: UpCloud Datacenters 

Datacenter: NL-HEL2

Location: Helsinki

Sinimaentie 12 - Espoo, Finland, 02630

  • ISO 9001 Quality management
  • ISO 14001 Environmental management
  • ISO 22301 Security and resilience
  • ISO 27001 Information security management
  • ISO 45001 Occupational Health and Safety Management Systems
  • ISO 50001 Energy management
  • SOC 1 Type II Internal controls related to financial reporting
  • SOC 2 Type II Data security and privacy
  • PCI-DSS Information security

 

All UpCloud data centers are directly connected to the Internet via transit operators and Internet exchange points (IXPs). Additionally, UpCloud uses a dedicated backbone network for connectivity between data centers and carriers.