Mimecast’s governance structure ensures strong oversight and accountability for ESG matters through a unified framework led by our Board of Directors, Executive Leadership Team, and ESG Council. Chaired by the General Counsel/Chief Legal Officer and including members from relevant functions, the ESG Council drives ESG strategy, reviews policies, and reports progress to the Board.
Risk management is integrated across the business and covers:
- Strategic risks: material concerns impacting profit, people, and environmental objectives
- Operational risks: managed within each function and escalated if they could materially affect the enterprise
- Sustainability-related risks: including climate and ESG risks, identified through materiality assessments and embedded in enterprise risk management
- Specialist oversight: dedicated information security teams ensure that governance is part of daily decision-making and operations
- Third-party risk management: comprehensive risk assessment and evaluation of our critical third-party partners, covering multiple dimensions including environmental sustainability considerations
This structure enables Mimecast to proactively manage risks, uphold ethical standards, and deliver on our ESG commitments.
AI Governance and Responsible Use
Mimecast is certified to ISO/IEC 42001 (AI Management System), demonstrating a commitment to responsible innovation, ongoing monitoring, and alignment with industry best practices.
Mimecast’s AI governance framework ensures that artificial intelligence is developed and used ethically, securely, and in alignment with emerging global standards. Oversight is provided by the AI Governance Council, which develops and enforces policies for transparency, ethics, and safety across all AI applications.
Key activities include:
- Risk Management: Regular AI impact and risk assessments covering ethical, operational, data privacy, and regulatory compliance.
- Responsible AI Practices: Guidelines for ethical and responsible use of AI are accessible to all employees, outlining best practices and mitigating risks such as data integrity and privacy concerns.
- AI Due Diligence: AI-specific due diligence is integrated into vendor onboarding, ensuring external partners meet Mimecast’s ethical and compliance standards.
- Training, Awareness and Culture: Organization-wide AI training to build fluency and ensure employees understand responsible AI practices and how to uphold them in their roles.
- Continuous Improvement: Monitor, evaluate, and update AI governance practices to stay aligned with evolving best practices and regulations.
This structure enables Mimecast to innovate securely and ethically while maintaining trust, transparency, and compliance in all AI-driven activities.
Governance Certification and Frameworks
Mimecast holds multiple certifications demonstrating excellence in governance and security, including ISO/IEC 27001:2022 (Information Security), ISO/IEC 27701:2019 (Privacy), ISO 22301:2019 (Business Continuity), Cyber Essentials and Cyber Essentials Plus. We also maintain SOC 2 Type 2, TISAX, HIPAA and HITECH attestations.
We are preparing for new certifications: ISO 30071-1 (accessibility), C5 (the German BSI Cloud Computing Compliance Criteria Catalogue), and CMMC (the US Department of Defense Cybersecurity Maturity Model Certification).
Our policies and training ensure ethical conduct, transparency, and compliance across all areas of the business.
For additional legal and governance documentation, including our statements related to business conduct, ethics, modern slavery, and more, please visit https://www.mimecast.com/legal/.
To learn more about our governance efforts, download our 2025 ESG Report.