AICPA Service Organization Control Report on Security, Privacy, Availability, and Confidentiality based on Trust Service Principles
EU General Data Protection Regulation (GDPR) for Data Protection and Privacy of EU Individuals and Export of Personal Data
California Consumer Privacy Act (CCPA) for Data Privacy and Consumer Protection of California Residents
The Data Protection Act (DPA) 2018 is the United Kingdom’s (UK) implementation of the General Data Protection Regulation (GDPR)
US FDA Regulation for Controls on Computer Systems used in Electronic Records in support of GxP-regulated Activities
US Health Insurance Portability and Accountability Act for Data Privacy and Security of Protected Health Information
Security, Trust and Assurance Registry (STAR) Level 1 Certified with Cloud Security Alliance for Transparency and Security of Cloud Controls
Data Privacy Framework (DPF) Program Certified for Transfer of Data from EU, UK and Switzerland to United States
SEC Rule 17a-4 regulation issued by the U.S. Securities and Exchange Commission and mandated by FINRA for dealer-brokers
Mindtickle is hosted on a highly secure Amazon Web Services (AWS) cloud infrastructure with best-in-class security processes and comprehensive compliance programs such as Cloud Security Alliance, SOC1, SOC2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, FIPS, GxP, HIPAA and NIST.
Automatic data distribution across multiple availability zones across regions provides replication and scalability across the platform for low latency and accelerated delivery of content, and ensures preparedness for responding to business continuity events and disasters.
Our infrastructure and platform are guarded with advanced Distributed Denial of Service (DDoS) protection for always-on detection and automatic in-line mitigations that provide protection against all known infrastructure attacks to minimize application downtime and latency.
Extensive security measures are installed for intelligent threat monitoring, ongoing intrusion detection, automated code scanning, periodic vulnerability assessments and penetration testing, regular privacy reviews, and health monitoring through dashboards and alerting.
Customer information is protected using cryptographic security: data in transit is protected using HTTPS through the Transport Layer Security (TLS) protocol to safeguard against eavesdroppers, and data at rest is protected with the Advanced Encryption Standard (AES) to prevent unauthorized disclosure.
Stringent security controls are offered to customers to enable secure Single Sign-On (SSO) integration through SAML 2.0, set up account password complexity, configure email domain restrictions for platform access, and apply granular role-based access control.
To meet our contractual and regulatory compliance obligations toward security and customers’ data protection, we have implemented detailed controls through a security policy. Our security policy comprehensively covers all the areas of the security program and processes implemented at organizational, technical, and cloud infrastructure levels for data protection.
The Mindtickle platform is designed to ensure privacy by default, allowing protection and control of customer and user personal data through powerful user data management functionalities, log pseudonymization, data subject rights, transparent data breach disclosures, and a data retention policy.
In alignment with our commitment to protect the data our customers have entrusted to us, we are promoting a culture of responsible disclosure of vulnerabilities that affect the security and privacy of our platform and its users.
Mindtickle has reviewed the content player pages of the platform to provide accessibility features towards the Americans with Disabilities Act (ADA) and Section 508. The platform follows some of the best industry practices around accessibility standards, including Web Content Accessibility Guidelines (WCAG) and Web Accessibility Standards (WAS).
Mindtickle has its presence in all leading vendor cyber security assessment platforms to ensure hassle-free onboarding compliant with your third-party procurement process. We are available on SecurityScorecard, Whistic, CyberGRX, ThirdPartyTrust, Panorays, Conveyor, Openli, and ComplianceRank.
Mindtickle is certified for compliance with the EU-U.S. and Swiss-U.S. Data Privacy Framework (DPF), along with its UK Extension, which were developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration.
The Data Privacy Framework provides us with a reliable mechanism for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.
Our Data Privacy Framework compliance certification along with participation status, the purpose of data collection, and dispute resolution mechanism can be accessed here.