Security at Mend.io

At Mend.io, we understand that the security of your data and privacy is of utmost importance. As a leading Application Security company, we prioritize the protection and confidentiality of your sensitive information. This page provides an insight into our robust security measures, ensuring that your data is in safe hands.

Risk Management

Mend.io’s information security leadership conducts regular risk assessments to constantly evaluate and improve the level of information security based on business needs and emerging threats. Mend.io’s information security management program is evaluated by the senior management security committee on a quarterly basis.

Data Encryption

Mend.io employs state-of-the-art encryption techniques to safeguard your data both at rest and in transit. All data is encrypted using industry-standard protocols (e.g. TLS 1.2, AES-256), ensuring that unauthorized individuals cannot access or decipher it.

Access Controls

Mend.io implements stringent access controls to limit data access to authorized personnel only. Role-based access control (RBAC) ensures that employees are granted access to specific data based on their responsibilities and job roles, minimizing the risk of unauthorized access. All systems used to provide services to our customers use Single Sign-On with MFA enforced. Access to data centers is limited in accordance with the principle of least privilege and follows Zero Trust principles.

Secure Infrastructure

Our infrastructure is hosted in highly secure cloud provider (Amazon AWS/Microsoft Azure) data centers that adhere to the strictest industry standards. Mend.io works with these trusted partners to ensure that our physical and virtual infrastructure is protected against threats, including unauthorized access, power outages, and natural disasters.

Regular Audits and Testing

Mend.io conducts regular security audits and assessments to identify vulnerabilities and address any potential risks promptly.

Incident Response

In the event of a security incident, Mend.io has a well-defined and tested incident response plan in place. Our dedicated security team promptly investigates and responds to any potential breaches, minimizing the impact and restoring normal operations as quickly as possible.

Secure SDLC

Mend.io maintains a robust secure SDLC program. The program follows industry best practices such as the OWASP Top 10 and “Security by Design” principles. Mend.io implements multiple controls to secure the SDLC process, including automated code scanning, automated open-source vulnerability scanning and remediation, automated detection and mitigation of supply chain attacks, secure code reviews, ongoing secure coding training for developers, and more.

Penetration Testing

Services provided by Mend.io undergo semi-annual penetration tests by a third party. Mend.io runs robust vulnerability disclosure and bug bounty programs with HackerOne.

Network and Application Security

Mend.io uses multiple industry-leading tools to continuously maintain the highest level of security throughout its infrastructure. These tools include network firewalls, HIDS, NIDS, web application firewalls, anti-malware, file integrity monitoring, container runtime security, data leak prevention, and more.

Data Backups and Disaster Recovery

Mend.io maintains comprehensive data backup and disaster recovery plans to ensure the availability and integrity of your data. Regular backups and offsite replication enable us to quickly restore your data in case of any unforeseen incidents.

Compliance and Certifications

Mend.io is committed to maintaining compliance with relevant industry regulations and standards. Mend.io’s information security management system is ISO 27001:2013 certified and undergoes a SOC2 audit annually. Regular audits and certifications validate our commitment to security and data privacy. Mend.io’s information security controls are compliant with leading industry standards, including NIST 800-53, CSA CMM, CIS controls and others.

User Awareness and Training

Mend.io prioritizes user education and awareness to foster a security-conscious environment. We provide resources and training to our employees, empowering them to make informed decisions and take necessary precautions.

At Mend.io, we continuously monitor, assess, and enhance our security practices to stay ahead of emerging threats. We understand that security is an ongoing process, and we are committed to being proactive in safeguarding your data. We value your trust and strive to provide you with the highest level of security and privacy.