Featured resource, company news, or product update announcement
Learn more
Back

Our Commitment to Compliance

At Mindtickle, we adhere to global standards and regulatory frameworks to ensure the highest levels of security, privacy, and compliance.

As the global leader in sales readiness, Mindtickle delivers a cloud platform that leading enterprises across the globe trust for business-critical services.​

Security​

ISO-27001.png
ISO 27001:2022
  • ISO 27001 is a globally recognized standard for Information Security Management System (ISMS) which ensures data protection through effective risk management and comprehensive controls encompassing technical, organizational, people, and physical security measures.
  • We have completed an external audit of our platform and organizational practices aligned with established ISO 27001 requirements and have been certified, with our internal controls and policies successfully meeting the standard. You can access our ISO 27001:2022 certificate here.
SOC2_Logo.png
SOC 2
  • Mindtickle has audited its platform against the Trust Service Principles and Criteria prescribed by The American Institute of Certified Public Accountants (AICPA) and obtained a Service Organization Control 2 (SOC2) Type 2 report.
  • This third-party assurance audit is performed on a semi-annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.
SOC 3
SOC 3
    • Mindtickle’s SOC 3 is a general-use executive summary of the SOC 2 Type 2 Report and the auditor’s opinion on the design and operational effectiveness of our implemented controls.
    • This report provides a concise summary of our adherence to the Trust Service Principles, control effectiveness, and management’s assertion for broader distribution.
    • Mindtickle undergoes the SOC 3 audit on an annual basis, and you can access this publicly available report here.
VAPT
VAPT
  • Vulnerability Assessment and Penetration Testing (VAPT) is Mindtickle’s proactive security strategy for identifying, assessing, and mitigating potential security weaknesses across our infrastructure, applications, and services.

  • Mindtickle undergoes semi-annual independent third-party VAPT for its network, web, API, mobile applications, integrations and AI systems. These assessments cover OWASP Top 10 vulnerabilities and include testing for XSS, SQL injection, parameter manipulation, and other risks relevant to the application profile. A summary report is available upon request.

Privacy

27701.png
ISO 27701:2019
  • ISO 27701 is the standard providing a framework for establishing and improving a Privacy Information Management System (PIMS), helping organizations manage privacy risks, ensure compliance with data protection laws, and implement controls to protect personally identifiable information (PII) throughout its lifecycle.
  • Mindtickle is aligned with the standard, demonstrated robust privacy practices during the external audit, and has achieved the certification. You can access our ISO 27701:2019 certificate here.
gdpr-logo.jpeg
GDPR
  • Mindtickle is fully compliant with General Data Protection Regulation (GDPR), a European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA) and their personal data exported outside the EU and EEA.
  • We offer GDPR-compliant Data Processing Addendum (DPA) to provide our customers privacy protection assurance and to comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controllers. More details on our GDPR compliance can be accessed here.
CCPA
CCPA
  • Mindtickle is fully compliant with applicable provisions of California Consumer Privacy Act (CCPA), a state-wide statute intended for enhancing the data privacy and consumer protection rights for residents of California, United States (CA-US).
  • We offer CCPA-compliant Data Processing Addendum (DPA) to provide our customers privacy protection assurance and to comply with our obligations as a Service Provider and help our customers meet their obligations as the business entities. More details on our CCPA compliance can be accessed here.
UK-DPA-200x202-1.png
UK DPA
  • Mindtickle is fully compliant with applicable provisions of the UK Data Protection Act (UK DPA) 2018, the United Kingdom’s national law, that complements the European Union’s General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998.
  • We offer UK DPA-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance and comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controller.
Cross-Border Data Protection
DPF_program_logo.png
Data Privacy Framework (DPF)

  • Mindtickle is certified for compliance with EU-U.S. and Swiss-U.S. Data Privacy Framework (DPF), along with its UK Extension, which were developed by U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration.

  • Data Privacy Framework provides us with a reliable mechanism for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

  • Our Data Privacy Framework compliance certification along with participation status, the purpose of data collection, and dispute resolution mechanism can be accessed here.

SCC-200x168-1.png
EU Standard Contractual Clauses
  • The Commission Implementing Decision (EU) 2021/914 of 4 June 2021 to transfer personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and the Council published New Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) to help safeguard European personal data.
  • Mindtickle has incorporated the new SCCs into our Data Processing Addendum to help protect our customers’ data and meet the requirements of European privacy legislation.
  • We offer GDPR-compliant Data Processing Addendum (DPA) to provide our customers privacy protection assurance and to comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controllers. More details on our GDPR compliance can be accessed here.
ICO-200x200-1.png
UK International Data Transfer Addendum
  • Mindtickle is fully compliant with the provisions of Article 46 of the UK GDPR and offers an International Data Transfer Addendum (IDTA) issued by the Information Commissioner’s Office (ICO) under Section 119A of the Data Protection Act 2018.
  • The IDTA acts as a transfer tool that allows organizations to transfer personal data outside of the UK. The addendum is part of Mindtickle’s pre-signed Data Processing Addendum (DPA) offered to its customers.
  • This third-party assurance audit is performed on an annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.
APEC-200x200-1.png
APEC PRP Compliance Program​
  • The Asia-Pacific Economic Cooperation (APEC) has designed the APEC Privacy Framework to provide an accountable approach to managing data privacy protection and the flow of personal information across borders.
  • Mindtickle, as a data processor, can demonstrate its adherence to APEC Privacy Framework and assist personal information controllers in complying with relevant privacy obligations by providing assurance around baseline requirements through completed standard intake questionnaire required for Privacy Recognition for Processors (PRP) compliance. You can access Mindtickle’s APEC PRP self assessment form here.
Business Continuity
22301.png
ISO 22301:2019
  • ISO 22301 is the international standard for Business Continuity Management Systems (BCMS), providing a framework to continually enhance resilience and ensure a systematic response to crises.
  • To strengthen the security and resilience of the Mindtickle platform, we have aligned our practices and implemented controls in accordance with the standard’s requirements, achieving certification through an external audit. You can access our ISO 22301:2019 certificate here.
Disaster Recovery
Disater Recovery
  • Disaster Recovery (DR) test validates the resilience and recoverability of Mindtickle’s critical systems and services in the event of a disruptive incident.
  • Mindtickle conducts semi-annual DR tests to simulate realistic scenarios such as database failures and infrastructure component loss to ensure business continuity and compliance with recovery time objectives (RTO) and recovery point objectives (RPO) defined in our Business Continuity and Disaster Recovery (BCDR) plan. A summary of our most recent DR test and its outcomes can be shared upon request with customers and prospects.
Cloud Security
27017.png
ISO 27017:2015
  • ISO 27017 provides guidelines for information security controls specific to cloud services. The standard addresses key security concerns such as data protection, access management, and shared responsibilities between cloud service providers and customers to ensure robust security practices in cloud-based services.
  • Mindtickle has identified and mitigated the unique security risks associated with providing cloud services and has undergone an external audit to achieve this certification. You can access our ISO 27017:2015 certificate here.
27018.png
ISO 27018:2019
  • ISO 27018 specifies guidelines taking into consideration the regulatory requirements for the protection of personally identifiable information (PII) within the context of the information security risk environment of public cloud service providers. It establishes commonly accepted control objectives for implementing privacy principles.
  • Mindtickle successfully demonstrated its stringent privacy controls for protecting PII in the public cloud environments, aligning with applicable data protection laws and privacy risk assessments. Following the audit, Mindtickle was awarded the certification for this standard. You can access our ISO 27018:2019 certificate here.
csa-star-bw-200x200-1.png
CSA STAR
  • Mindtickle is compliant and certified as Level 1 with Security, Trust and Assurance Registry (STAR), an Open Certification Framework developed by Cloud Security Alliance (CSA) to promote best practice in the security assurance within Cloud Computing.
  • Mindtickle has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), which provides visibility into Mindtickle’s processes and practices followed to ensure security, confidentiality, and integrity of customer information. You can access Mindtickle’s registry entry here.
AI Compliance
42001
ISO 42001:2023
  • ISO 42001 is the first international, certifiable standard for Artificial Intelligence Management Systems (AIMS), providing requirements and guidance to establish, implement, maintain, and continually improve governance, risk assessment, ethical safeguards, and transparency across the entire AI lifecycle.
  • We have successfully aligned our AI governance processes and controls with ISO 42001 requirements and have undergone an independent third-party audit to validate our implementation and adherence to the standard. Our ISO 42001:2023 compliance report can be shared on request with customers and prospects.
EU AI ACT
EU AI Act
  • The EU Artificial Intelligence Act is a comprehensive, risk-based regulation for AI, classifying systems by risk level and imposing mandatory governance, transparency, safety, and human-oversight requirements for high-risk applications to ensure ethical and trustworthy AI deployment.
  • Mindtickle has fully aligned its AI governance framework with the EU AI Act by implementing risk assessments, technical documentation, human-in-the-loop measures, and semi-annual penetration tests with a focus on its AI features. Our EU AI Act compliance report can be shared on request with customers and prospects.
Industry Specific Compliance
HIPAA
HIPAA
  • Mindtickle is compliant with U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and undergoes an annual third-party HIPAA assessment to review our controls around privacy of individually identifiable health information as defined in the Privacy Rule and security of Electronic Protected Health Information as defined in the Security Rule.
  • Our HIPAA compliance report can be shared upon request with customers and prospects. We also offer HIPAA-compliant Business Associate Agreement (BAA) to our customers who are subject to HIPAA.
FINRA_Logo_New-200x200-1-removebg-preview
FINRA
  • U.S. Securities and Exchange Commission (SEC) Rule 17a-4 outlines the requirements for broker-dealers that fall under the Financial Industry Regulatory Authority (FINRA) jurisdiction to create, preserve and furnish a comprehensive record of each securities transaction.
  • Mindtickle helps customers in the financial services industry to meet the applicable FINRA compliance requirements. We have implemented technical and organizational measures to comply with the SEC Rule 17a-4 clause around data retention, indexing, accessibility, and format.
FDA-removebg-preview
21 CFR Part 11
  • Mindtickle is compliant with GxP regulation enforced by the US Food and Drug Administration (FDA) and defined in Title 21 of the Code of Federal Regulations (21 CFR) Part 11. We have implemented controls for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records under GxP-regulated activities.
  • The third-party independent assessment is performed on an annual basis to ensure our ongoing compliance with 21 CFR Part 11. Our 21 CFR Part 11 compliance report can be shared on request with customers and prospects.
Standadized Vendor Compliace
SIG-200x168-1.png
SIG
  • The Standardized Information Gathering (SIG) questionnaire, developed by Shared Assessments, offers a comprehensive set of questions to evaluate service providers’ risk controls. Organizations widely use SIG to manage their Third-Party Risk Management (TPRM) programs.
  • Mindtickle has assisted multiple customers in their TPRM compliance journey by providing information as necessary for the SIG questionnaire and associated documentation. Our SOC2 controls are aligned to meet the compliance obligations set forth by the SIG questionnaire.
VSA.png
Vendor Security Alliance (VSA)
  • The Vendor Security Alliance (VSA) is an industry-recognized security assessment created to help organizations evaluate their vendors’ security practices. This assessment covers domains such as data protection, risk management, access control, incident response, system monitoring, secure SDLC, and compliance audit practices.
  • We have thoroughly documented our responses to the VSA full questionnaire to provide visibility into our security, privacy, and compliance practices. This VSA assessment report, along with the supporting evidence, can be shared with customers and prospects upon request.
HECVAT.png
HECVAT
  • Higher Education Cloud Vendor Assessment Tool (HECVAT) is a framework designed for higher education institutions to assess vendor risk, ensuring security and privacy policies and controls protect sensitive institutional data and constituents’ PII.
  • We have completed HECVAT toolkit that offers clarity into our security, privacy, and compliance measures. This toolkit is listed in Higher Education Information Security Council’s Community Broker Index and you can request HECVAT assessment for performing security evaluation.
VPAT.png
Accessibility VPAT​
  • Voluntary Product Accessibility Template (VPAT) is used to evaluate how accessible a product is to people with disabilities. Organizations use VPAT to assess whether a product meets requirements for regulations like the Americans with Disabilities Act (ADA), Web Content Accessibility Guidelines (WCAG), Section 508 and European accessibility standards for ICT products and services (EN 301 549).
  • Mindtickle has evaluated its media and content player against the applicable criteria in WCAG 2.2 and has comprehensively documented its conformance against level AA in a VPAT version 2.5 document, which can be made available on request. You can also view the accessibility features provided by Mindtickle here.

More on security, privacy, and compliance

Security

Trust

Security Policy

Vendor Security

Transparency

Disclosure

Privacy

Privacy Policy

GDPR

DPF

CCPA

APEC PRP

Sub-processors

Platform

Platform Status

Uptime

Integrations

Browser Support

Accessibility

Terms

Terms of Service

DPA

SLA

Insurance

Acceptable Use

Ready to get started?

Get a demo

Training, content, & insights revenue teams need to win over buyers and close more deals.

Get a demo
🤓 New to MINDTICKLE?
🙌 WHO WE HELP
🏢 COMPANY
📚 RESOURCES