Security & Compliance

Maxwell Company Description

We built Maxwell to give local lending teams a permanent, disruptive financial advantage.

Today, our suite of technology-powered solutions addresses the entire mortgage loan process, from intake of application to the secondary market. Through our Mortgage Optimization Platform, we help non-depository mortgage banks, credit unions, brokers, and local banks connect their communities with the life-changing benefits of homeownership.

Maxwell was founded in 2015 by homebuyers who believed a better mortgage process was possible for lenders and borrowers. After spending a year with over 1,000 mortgage professionals, the founding team set out to build solutions that would help lenders gain efficiency, streamline their processes, and focus on high-value work to grow their businesses.

Now, we employ world-class software experts and mortgage experts to innovate solutions that help local lenders compete and win against the industry’s largest players.

Product Description

Maxwell Business Intelligence (Maxwell BI) is a reporting and analytics suite built for the mortgage industry.  We provide out-of-the-box reporting capabilities by connecting to our lending partner's Loan Origination System, collecting and aggregating loan data, and surfacing business insights in an easy to use web application, with minimal up-front time or resource investment.

Maxwell Business Intelligence - Marketing Single Page

Terms and Conditions

When accessing the Maxwell BI web application for the first time, users will be prompted to review and accept the legal Terms and Conditions. The latest Terms and Conditions can be viewed at any time by visiting:

https://himaxwell.com/terms/mortgage_intelligence

These are subject to change at any time.  In the event of a change to the terms, users will be prompted to accept the new terms when they next access the web application.  Maxwell maintains an audit record of the language included in each revision of the Terms and Conditions, as well as the user record, date, and time, of each acceptance.

Information Security Policies

Maxwell maintains detailed information security policies that are reviewed every quarter.

All Maxwell employees are located on-shore, pass background checks prior to employment, and are required to complete role-based security training to complement the Information Security Policies. Additionally, the Information Security Policies also govern Maxwell’s rigorous security standards in working with vendors, partners and customers.

A summary of Maxwell Information Security Policies can be made available, upon request, for qualifying customers under an NDA. Individual policies can be made available, under qualifying circumstances, for onsite review.

Industry Leading Credentials

Maxwell has undergone independent audits for SOC2 Type 1 and SOC2 Type 2 certifications. More information on SOC 2 can be found on the AICPA website.

Maxwell’s commitment to industry standards is further validated through security and vulnerability assessments that are carried out by third-party experts on a regular basis.

Audit reports can be made available, upon request, for qualifying customers under an NDA.

Business Continuity and Disaster Recovery

Maxwell has documented Crisis Management and IT process recovery procedures, together with functions to ensure continuous DR training, testing and maintenance. To guide this effort, a Risk Assessment and Business Impact Analysis (BIA) were conducted to both identify potential threats and establish the prioritized timeframes for the recovery of Maxwell’s core processes and systems.

A Business Continuity and Disaster Recovery Plan can be made available, upon request, for qualifying customers under an NDA.

Vulnerability and Penetration Testing

All Maxwell code undergoes a time-boxed, source-assisted penetration test by a third-party on a regular basis. The purpose of these tests is to identify exposure to any malicious actors, whether directly or indirectly, and audit the code for any vulnerabilities and insecure design. Every test performed on code, deployment, network perimeter, or corporate security is documented internally and accompanied by recommendations to improve security.

Regular Vulnerability and Penetration testing by independent third parties also allow Maxwell products & services to stay abreast of an evolving cybersecurity landscape.

Additional information on third-party Vulnerability and Penetration testing can be made available, upon request, for qualifying customers under an NDA.

Best in Class Application Security

All lenders and borrowers who interact with Maxwell are protected by our commitment to security, safety and privacy. As an ICE Mortgage Technology Partner, Maxwell has passed all security requirements outlined by ICE as part of their partner program. More information on these security guidelines can be found on the ICE website.

In addition to the third-party audits outlined in this document, Maxwell applications are also subject to the multiple audits by our LOS partners. These include, but are not limited to:

  • Transport Layer Security (TLS) server test - Required overall rating of A or above Static code scans of the API or code, for any vulnerabilities
  • Third party signed digital certificate chains
  • Secure, HTTPS data transit with a communication protocol of TLS 1.2 and above AES encryption of 256 bits and IP whitelisting for REST data
  • Internal security policies for access control, incident response, and data storage

Additional information on Maxwell applications and their architecture can be made available, upon request, for qualifying customers under an NDA.

FAQs

Company

Where are the Maxwell headquarters?

1700 Lincoln St, Suite 2900
Denver, CO 80203
United States

Delete

When was Maxwell founded?

2015

Delete

What is Maxwell's primary website?

https://himaxwell.com/

Delete

How many employees does Maxwell have?

100-499

Delete

What is Maxwell's legal structure?

Corporation

Delete

Is Maxwell publicly traded?

No.

Delete

Reputation

Does Maxwell have any negative news coverage found in local or online searches?

No.

Delete

Does Maxwell have any open or pending significant lawsuits or other legal proceedings?

No.

Delete

Does Maxwell have any open audit findings from regulatory bodies or other relevant governing bodies?

No.

Delete

Has Maxwell been fined due to violations or non-compliance (e.g., regulatory, legal, etc.)?

No.

Delete

Information Security

What administrative tools does Maxwell provide with Maxwell BI?

Maxwell Business Intelligence includes an administrative dashboard for managing internal users.  Customers have full control over creating and removing users.

Delete

Does Maxwell use subcontractors that will provide application or back-end support, and/or process, access, store, or transmit any data in conjunction with Maxwell Business Intelligence?

No, access to back-end systems is restricted to Maxwell full-time employees only.

Delete

What third-party providers or external data centers does Maxwell Business Intelligence utilize?

Amazon Web Services (AWS)
Cloud services.
https://aws.amazon.com/compliance/faq/
Headquarters: Seattle, WA

Heroku
Web Application hosting services.
https://www.heroku.com/policy/security
Headquarters: San Francisco, CA

Snowflake
Data processing services.
https://www.snowflake.com/snowflakes-security-compliance-reports/
Headquarters: Bozeman, MT

Metabase
Data visualization services.
https://www.metabase.com/security
Headquarters: San Francisco, CA

OpenAI
Text to SQL services.  No access to underlying data.
https://openai.com/security
Headquarters: San Francisco, CA

Delete

Foreign Based

Will Maxwell interact or have the potential to interact with foreign government officials or entities on our organization's behalf?

No.

Delete

Will any services related to Maxwell Business Intelligence be provided from a location outside the United States of America (whether provided directly by your company or by a subcontractor)?

No.

Delete


Was this page helpful?

YesNoSubmit feedback