Mend is committed to protecting the privacy of its customers and invests in safeguarding customers’ personal data by applying industry-standard security practices and data management processes.
As a market-leading software security solution, Mend acknowledges the importance of the General Data Protection Regulation (GDPR) enacted by the European Union and has undertaken a series of steps to ensure compliance with its requirements.
A Data Protection Officer (DPO) was appointed to oversee current and future data management and security processes and to ensure they all comply with GDPR where applicable.
A detailed action plan covering GDPR requirements has been established, with many of the warranted processes already in place. Mend is aiming to make the adjustments that GDPR requires in both internal and external processes.
The efforts are focused on four main areas:
Mend implements a comprehensive approach to data security, encompassing advanced authentication, access control and data confidentiality among other things.
Mend utilizes industry-standard, production-grade data storage and security solutions and incorporates common security best practices. Data storage is backed up frequently and on a regular basis, with both main storage and backup encrypted at rest and in transit.
In cases where internal operations entail the involvement of sub-processors (e.g., Google Cloud Platform, Salesforce CRM, etc.), Mend obtains a signed Data Processing Addendum (DPA) from each sub-processor and verifies compliance with the same data security and privacy standards.
Mend sets out to establish an organizational data management and usage process that accommodates GDPR requirements, with an emphasis on personal data. As part of this process Mend is implementing new guidelines for data collection, administration, storage and protection.
At Mend, the product design and development processes include integral review checkpoints for data usage and privacy.
The Mend employee training program includes periodic security training sessions, as required by our ISO 27001 certification. Mend is implementing a new training program that is designed to accommodate the adjustments warranted by GDPR requirements and that includes dedicated data management and protection training specific to employees with access to personal data.
For any questions concerning GDPR and data management at Mend, please contact dpo@mend.io.