Secure. Scalable. Compliant.
GDPR
EU General Data Protection Regulation (GDPR) for Data Protection and Privacy of EU Individuals and Export of Personal Data
Privacy Shield
EU-U.S. and Swiss-U.S. Privacy Shield Framework for Personal Data Transfer from the EU and Switzerland to the United States
SOC 2
AICPA Service Organization Control Report on Security, Availability, and Confidentiality based on Trust Service Principles
CSA STAR
Security, Trust and Assurance Registry (STAR) Level 1 Certified with Cloud Security Alliance for Transparency and Security of Cloud Controls
HIPAA
US Health Insurance Portability and Accountability Act for Data Privacy and Security of Protected Health Information
21 CFR Part 11
US FDA Regulation for Controls on Computer Systems used in Electronic Records in support of GxP-regulated Activities
As the global leader in sales readiness, MindTickle delivers a cloud platform that leading enterprises across the globe trust for business-critical services.
Industry-leading Cloud Infrastructure
MindTickle is hosted on a highly secure cloud infrastructure with best-in-class security processes and comprehensive compliance programs such as Cloud Security Alliance, SOC1, SOC2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, FIPS, GxP, HIPAA and NIST.
Globally Distributed Infrastructure
Automatic data distribution across multiple availability zones across regions provides replication and scalability across the platform for low latency and accelerated delivery of content; and ensures preparedness towards responding to business continuity events and disasters.
Advanced DDoS Protection
Our infrastructure and platform are guarded with advanced Distributed Denial of Service (DDoS) protection for always-on detection and automatic in-line mitigations that provides protection against all known infrastructure attacks to minimize application downtime and latency.
Continuous Threat Monitoring
Extensive security measures are installed for intelligent threat monitoring, ongoing intrusion detection, automated code scanning, periodic vulnerability assessments, and penetration testing; regular privacy reviews, and health monitoring through dashboards and alerting.
Strongest-grade Encryption
Customer information is protected using cryptographic security for data in transit using HTTPS through Transport Layer Security (TLS) protocol to protect from eavesdroppers and for data at rest with Advanced Encryption Standard (AES) to protect from unauthorized disclosure.
Customer Controlled Security
Stringent security controls are offered to customers to enable secure Single Sign-On (SSO) integration through SAML 2.0, setup account password complexity, configure email domain restrictions for platform access, and granular role-based access control.
Privacy by Design
MindTickle platform is designed to ensure privacy by default which allows protection and control of customer and user personal data through powerful user data management functionalities, log pseudonymization, data subject rights, transparent data breach disclosures, and data retention policy.
Regulatory Compliance and Audits
GDPR
-
- MindTickle is fully compliant with General Data Protection Regulation (GDPR), a European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA) and their personal data exported outside the EU and EEA.
- We offer GDPR-compliant Data Processing Addendum (DPA) to provide our customers GDPR and privacy protection assurance and to comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controllers. More details on our GDPR compliance can be accessed here.
Privacy Shield
-
- MindTickle is certified for compliance with both EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, which were designed by U.S. Department of Commerce, the European Commission and Swiss Administration to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
- Our Privacy Shield Framework compliance certification along with participation status, the purpose of data collection, and dispute resolution mechanism can be accessed here.
SOC 2
- MindTickle has audited its platform against the Trust Service Principles and Criteria prescribed by The American Institute of Certified Public Accountants (AICPA) and obtained a Service Organization Control 2 (SOC2) Type 2 report.
- This third-party assurance audit is performed on an annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.
CSA STAR
- MindTickle is compliant and certified as Level 1 with Security, Trust and Assurance Registry (STAR), an Open Certification Framework developed by Cloud Security Alliance (CSA) to promote best practice in the security assurance within Cloud Computing.
- MindTickle has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), which provides visibility into MindTickle’s processes and practices followed to ensure security, confidentiality, and integrity of customer information. You can access MindTickle’s registry entry here.
HIPAA
- MindTickle is compliant with U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and undergoes an annual third-party HIPAA assessment to review our controls around privacy of individually identifiable health information as defined in the Privacy Rule and security of Electronic Protected Health Information as defined in the Security Rule.
- Our HIPAA compliance report can be shared upon request with customers and prospects. We also offer HIPAA-compliant Business Associate Agreement (BAA) to our customers who are subject to HIPAA.
21 CFR Part 11
- MindTickle is compliant with GxP regulation enforced by the US Food and Drug Administration (FDA) and defined in Title 21 of the Code of Federal Regulations (21 CFR) Part 11. We have implemented controls for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records under GxP-regulated activities.
- The third-party independent assessment is performed on an annual basis to ensure our ongoing compliance with 21 CFR Part 11. Our 21 CFR Part 11 compliance report can be shared on request with customers and prospects.