Mintigo understands that ensuring security, confidentiality and reliability of customer data is paramount to building trust. Several robust security measures are in place to protect customer data from unauthorized access, maintain data integrity and help ensure the appropriate use of customer data. Because security needs are continually evolving and require continuous improvements, Mintigo is committed to deploying the most advanced security measures to ensure security and protection against various threats. Mintigo is SOC2 Type 2 compliant. Furthermore, with GDPR coming into effect, Mintigo is GDPR compliant.
Data Center Security
Mintigo’s SaaS platform is deployed at a tier-one data center of the world’s leading cloud services provider. Our hosting partner has global certifications including, but not limited to, SOC1/2/3, ISO27001, SSAE 16. Our hosting partner is GDPR compliant. Their data center and hosting services provide the following security measures:
- Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
- State-of-the-art fire detection and suppression.
- Power, climate and temperature management and controls.
- Redundant internal networks.
- The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week.
- Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.
- High bandwidth networks.
- Vulnerability reporting.
- Designated, dedicated and controlled network fully separated from the public Internet.
- Our network model implements multi-tiered subnets to segregate web, application and database traffic.
- Regular penetration tests by third-party vendors to detect and remedy vulnerabilities.
- We store PII encrypted using industry-standard encryption mechanisms.
Secure Data Transmission & Session Management
- Data is secured during transmission by using TLS 1.1 / TLS 1.2.
- User sessions are tokenized during the login process and each transaction is verified using the session token.
Tapeless Backup & Recovery
- Operational, customer and IP data is backed up regularly and tested periodically.
- Electronic backup to a different data center allows full restore of customer and application data.
Security Monitoring and Assessments
- Mintigo periodically evaluates application and network vulnerabilities.
- We partner with independent third-party security experts to conduct penetration testing.
- Mintigo monitors notifications and alerts from various sources to continually assess and remedy any potential security risk.