The Sales Readiness Platform Trusted by Global Enterprise Organizations

Secure. Scalable. Compliant.


AICPA Service Organization Control Report on Security, Privacy, Availability, and Confidentiality based on Trust Service Principles


EU General Data Protection Regulation (GDPR) for Data Protection and Privacy of EU Individuals and Export of Personal Data


California Consumer Privacy Act (CCPA) for Data Privacy and Consumer Protection of California Residents


The Data Protection Act (DPA) 2018 is the United Kingdom’s (UK) implementation of the General Data Protection Regulation (GDPR)

21 CFR Part 11

US FDA Regulation for Controls on Computer Systems used in Electronic Records in support of GxP-regulated Activities


US Health Insurance Portability and Accountability Act for Data Privacy and Security of Protected Health Information


Security, Trust and Assurance Registry (STAR) Level 1 Certified with Cloud Security Alliance for Transparency and Security of Cloud Controls


Security Controls aligned with Shared Assessments’ Standardized Information Gathering (SIG) Questionnaire for Third-Party Risk Management programs


SEC Rule 17a-4 regulation issued by the U.S. Securities and Exchange Commission and mandated by FINRA for dealer-brokers

As the global leader in sales readiness, Mindtickle delivers a cloud platform that leading enterprises across the globe trust for business-critical services.

Industry-leading Cloud Infrastructure

Mindtickle is hosted on a highly secure Amazon Web Service (AWS) cloud infrastructure with best-in-class security processes and comprehensive compliance programs such as Cloud Security Alliance, SOC1, SOC2, ISO 27001, ISO 27017, ISO 27018, PCI DSS, FIPS, GxP, HIPAA and NIST.

Globally Distributed Infrastructure

Automatic data distribution across multiple availability zones across regions provides replication and scalability across the platform for low latency and accelerated delivery of content; and ensures preparedness towards responding to business continuity events and disasters.

Advanced DDoS Protection

Our infrastructure and platform are guarded with advanced Distributed Denial of Service (DDoS) protection for always-on detection and automatic in-line mitigations that provide protection against all known infrastructure attacks to minimize application downtime and latency.

Continuous Threat Monitoring

Extensive security measures are installed for intelligent threat monitoring, ongoing intrusion detection, automated code scanning, periodic vulnerability assessments, and penetration testing, regular privacy reviews, and health monitoring through dashboards and alerting.

Strongest-grade Encryption

Customer information is protected using cryptographic security for data in transit using HTTPS through Transport Layer Security (TLS) protocol to safeguard from eavesdroppers and for data at rest with Advanced Encryption Standard (AES) to protect from unauthorized disclosure.

Customer Controlled Security

Stringent security controls are offered to customers to enable secure Single Sign-On (SSO) integration through SAML 2.0, setup account password complexity, configure email domain restrictions for platform access, and granular role-based access control.

Security Policy

To meet our contractual and regulatory compliance obligations toward security and customers’ data protection, we have implemented detailed controls through a security policy. Our security policy comprehensively covers all the areas of the security program and processes implemented at organizational, technical, and cloud infrastructure levels for data protection.

Privacy by Design

Mindtickle platform is designed to ensure privacy by default, allowing protection and control of customer and user personal data through powerful user data management functionalities, log pseudonymization, data subject rights, transparent data breach disclosures, and data retention policy.

Responsible Vulnerability Disclosure

In alignment with our commitment to protect the data our customers have entrusted to us, we are promoting a culture of responsible disclosure of vulnerabilities that affects the security and privacy of our platform and its users.

Accessibility Features

Mindtickle has reviewed the content player pages of the platform to provide accessibility features towards Americans with Disability Act (ADA) and Section 508. The platform follows some of the best industry practices around accessibility standards including Web Content Accessibility Guidelines (WCAG) and Web Accessibility Standards (WAS).

Vendor Assessment Ready Profiles

Mindtickle has its presence in all leading vendor cyber security assessment platforms to ensure hassle-free onboarding compliant with your third-party procurement process. We are available on SecurityScorecard, Whistic, CyberGRX, ThirdPartyTrust, Panorays, Conveyor, Openli, and ComplianceRank.

Regulatory Compliance and Audits


  • Mindtickle has audited its platform against the Trust Service Principles and Criteria prescribed by The American Institute of Certified Public Accountants (AICPA) and obtained a Service Organization Control 2 (SOC2) Type 2 report.
  • This third-party assurance audit is performed on an annual basis to obtain an independent opinion on the suitability of the design and operating effectiveness of the implemented controls. Our SOC2 Type 2 report can be shared on request with customers and prospects.


  • Mindtickle is fully compliant with General Data Protection Regulation (GDPR), a European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA) and their personal data exported outside the EU and EEA.
  • We offer GDPR-compliant Data Processing Addendum (DPA) to provide our customers privacy protection assurance and to comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controllers. More details on our GDPR compliance can be accessed here.


  • Mindtickle is fully compliant with applicable provisions of California Consumer Privacy Act (CCPA), a state-wide statute intended for enhancing the data privacy and consumer protection rights for residents of California, United States (CA-US).
  • We offer CCPA-compliant Data Processing Addendum (DPA) to provide our customers privacy protection assurance and to comply with our obligations as a Service Provider and help our customers meet their obligations as the business entities. More details on our CCPA compliance can be accessed here.


  • Mindtickle is fully compliant with applicable provisions of the UK Data Protection Act (UK DPA) 2018, the United Kingdom’s national law, that complements the European Union’s General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998.
  • We offer UK DPA-compliant Data Processing Addendum (DPA) to provide our customers with privacy protection assurance and comply with our obligations as a Data Processor and help our customers meet their obligations as the Data Controller.

UK International Data Transfer Addendum

  • Mindtickle is fully compliant with the provisions of Article 46 of the UK GDPR and offers an International Data Transfer Addendum (IDTA) issued by the Information Commissioner’s Office (ICO) under Section 119A of the Data Protection Act 2018.
  • The IDTA acts as a transfer tool that allows organizations to transfer personal data outside of the UK. The addendum is part of Mindtickle’s pre-signed Data Processing Addendum (DPA) offered to its customers.

EU Standard Contractual Clauses

  • The Commission Implementing Decision (EU) 2021/914 of 4 June 2021 to transfer personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and the Council published New Standard Contractual Clauses (SCCs, also known as Model Contractual Clauses) to help safeguard European personal data.
  • Mindtickle has incorporated the new SCCs into our Data Processing Addendum to help protect our customers’ data and meet the requirements of European privacy legislation.
  • Although invalidated, Mindtickle continues to remain certified under both EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

APEC PRP Compliance

  • The Asia-Pacific Economic Cooperation (APEC) has designed the APEC Privacy Framework to provide an accountable approach to managing data privacy protection and the flow of personal information across borders.
  • Mindtickle, as a data processor, can demonstrate its adherence to APEC Privacy Framework and assist personal information controllers in complying with relevant privacy obligations by providing assurance around baseline requirements through completed standard intake questionnaire required for Privacy Recognition for Processors (PRP) compliance. You can access Mindtickle’s APEC PRP self assessment form here.


  • Mindtickle is compliant and certified as Level 1 with Security, Trust and Assurance Registry (STAR), an Open Certification Framework developed by Cloud Security Alliance (CSA) to promote best practice in the security assurance within Cloud Computing.
  • Mindtickle has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), which provides visibility into Mindtickle’s processes and practices followed to ensure security, confidentiality, and integrity of customer information. You can access Mindtickle’s registry entry here.


  • Mindtickle is compliant with U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and undergoes an annual third-party HIPAA assessment to review our controls around privacy of individually identifiable health information as defined in the Privacy Rule and security of Electronic Protected Health Information as defined in the Security Rule.
  • Our HIPAA compliance report can be shared upon request with customers and prospects. We also offer HIPAA-compliant Business Associate Agreement (BAA) to our customers who are subject to HIPAA.

21 CFR Part 11

  • Mindtickle is compliant with GxP regulation enforced by the US Food and Drug Administration (FDA) and defined in Title 21 of the Code of Federal Regulations (21 CFR) Part 11. We have implemented controls for computer systems that create, modify, maintain, archive, retrieve, or distribute electronic records under GxP-regulated activities.
  • The third-party independent assessment is performed on an annual basis to ensure our ongoing compliance with 21 CFR Part 11. Our 21 CFR Part 11 compliance report can be shared on request with customers and prospects.


  • The Standardized Information Gathering (SIG) questionnaire, developed by Shared Assessments, offers a comprehensive set of questions to evaluate service providers’ risk controls. Organizations widely use SIG to manage their Third-Party Risk Management (TPRM) programs.
  • Mindtickle has assisted multiple customers in their TPRM compliance journey by providing information as necessary for the SIG questionnaire and associated documentation. Our SOC2 controls are aligned to meet the compliance obligations set forth by the SIG questionnaire.


  • U.S. Securities and Exchange Commission (SEC) Rule 17a-4 outlines the requirements for broker-dealers that fall under the Financial Industry Regulatory Authority (FINRA) jurisdiction to create, preserve and furnish a comprehensive record of each securities transaction.
  • Mindtickle helps customers in the financial services industry to meet the applicable FINRA compliance requirements. We have implemented technical and organizational measures to comply with the SEC Rule 17a-4 clause around data retention, indexing, accessibility, and format.