Adherence to internationally recognized standards
ISO 27001
ISO 27001:2022 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance, and continuous improvement of the ISMS. This includes implementing steps to identify and maintain the assets, technologies, and processes needed to protect customer information and to help ensure the confidentiality, integrity, and availability of customer data and supporting services.
ISO 27017
ISO/IEC 27017:2015 is an international standard that offers guidance on implementing information security controls for cloud service providers and customers, based on ISO/IEC 27002.
MindBridge aligns with this standard to strengthen its ISO/IEC 27001-certified information security management system (ISMS) by incorporating additional cloud-specific security controls relevant to its public cloud infrastructure and operations.
ISO 27018
ISO/IEC 27018:2019 is an international code of practice that establishes controls and guidelines for protecting personally identifiable information (PII) in public cloud computing environments that act as PII processors.
By providing cloud services, MindBridge acts as a data processor to its customers. MindBridge uses the ISO/IEC 27018:2014 standard to protect the PII that it processes for its customers.
SOC 1
MindBridge has obtained a SOC 1 Type 2 attestation report, which provides an independent assessment of controls relevant to financial reporting. SOC 1 audits are conducted in accordance with SSAE 18 attestation standards and evaluate the design and operating effectiveness of controls over a defined audit period.
The SOC 1 Type 2 report demonstrates MindBridge’s commitment to maintaining effective internal controls that support the accuracy, completeness, and integrity of financial information for customers and partners.
SOC 2
SOC 2 reports contain an independent attestation of the control environment relevant to system security, confidentiality, and availability. SOC 2 audits are conducted against SSAE 18 attestation standards.
MindBridge uses the SOC 2 reports to demonstrate the operating effectiveness of its controls related to the security, availability, processing integrity, confidentiality, and privacy of its public cloud environment.
SOC 3
MindBridge is SOC 3 compliant. A SOC 3 report is based on the same standards as a SOC 2 report, but it includes a description of the controls in place at the service organization as of a specific date, as well as an opinion from an independent service auditor about the effectiveness of the controls over the audit period.
The purpose of a SOC 3 report is to provide assurance to customers, stakeholders, and other interested parties about the controls in place at the service organization that relate to the trust principles of security, availability, processing integrity, confidentiality, and privacy.
ISO 27017: 2018 is a security standard that provides guidance on the information security aspects of cloud computing.
MindBridge uses this standard to supplement the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.
ISO 27018: 2019 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud.


MindBridge complies with the American Institute of CPAs (AICPA) System and Organization Controls (SOC) framework and has successfully completed SOC 2® Type 2 and SOC 3® Type 2 audits.
