Cybersecurity is built into everything we do. We combine enterprise-class security with stringent audits to meet cybersecurity and privacy regulations.
Certified to meet industry standards
MindBridge complies with the American Institute of CPAs Security Organization Controls (SOC) and is certified SOC 2® Type 2 and SOC 3® Type 2. 
MindBridge’s certification for ISO/IEC 27001:2013, ISO 27017:2015, and ISO 27018:2019 was issued by A-LIGN, an independent and accredited certification body, on successful completion of a formal audit process. 
Our independent third-party auditor, A-LIGN Compliance and Security, maintains its ISO accreditation from the ANAB. 
Algorithm assurance performed by world leading experts in AI methods, algorithm safety and robustness. Adherence to internationally recognized standards
ISO 27001: 2013 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance, and continuous improvement of the ISMS. This includes implementing steps to identify and maintain the assets, technologies, and processes needed to protect customer information and to help ensure the confidentiality, integrity, and availability of customer data and supporting services.
ISO 27017: 2018 is a security standard that provides guidance on the information security aspects of cloud computing.
MindBridge uses this standard to supplement the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.
ISO 27018: 2019 is a code of practice that focuses on protection of personally identifiable information (PII) in the public cloud.
By providing cloud services, MindBridge acts as a data processor to its customers. MindBridge uses ISO/IEC 27018:2014 standard in order to protect the PII that it processes for its customers.
SOC 2 reports contain an independent attestation of control environment relevant to system security, confidentiality and availability. SOC 2 audits are conducted against SSAE 18 attestation standards.
MindBridge uses the SOC 2 reports to demonstrate the operating effectiveness of its controls used relates to security, availability, processing integrity, confidentiality, and privacy of its public cloud environment.
MindBridge is SOC 3 compliant. SOC 3 is a report based on the same standards as a SOC 2 report, but instead, a SOC 3 report includes a description of the controls in place at the service organization as of a specific date, as well as an opinion from an independent service auditor about the effectiveness of the controls over the audit period.
The purpose of a SOC 3 report is to provide assurance to customers, stakeholders, and other interested parties about the controls in place at the service organization that relate to the trust principles of security, availability, processing integrity, confidentiality, and privacy.
Get more layers of protection with MindBridge
MindBridge was created with cybersecurity and privacy at its core. We keep pace with the latest data protection practices to ensure that our AI auditing software is resilient, compliant, and fully secure.
Secure cloud infrastructure
MindBridge is hosted on fully redundant cloud infrastructure that provides the highest level of protection from both a physical and cybersecurity standpoint.
Data privacy and security
MindBridge allows users to set privileges and enable multiple forms of authentication to protect client data.
Encrypted communication
MindBridge offers built-in end-to-end encryptions that secure connections between our customers, our service, and our support.
Work with a partner you can trust
Good cyber hygiene is an ongoing risk mitigation process requiring strong partnerships with organizations you can trust.
Reliability & integrity
Multiple layers of security and redundancy controls are built into our platform to keep your system up, running, and safe from threats.
Transparency & openness
We share information on any emerging threats and provide recommendations to mitigate vulnerabilities.
Proactive risk mitigation
We address potential vulnerabilities before they happen. Certified third parties regularly penetration-test our software.