Subscribe to Cyber Resilience Insights
Get the latest cybersecurity news, analysis and tips delivered to your inbox every week.
On 25 May, 2018, a new European privacy law, the General Data Protection Regulation (GDPR), came into effect. GDPR imposes new obligations on companies and government agencies that market, track, or handle the personal data of individuals residing in the European Union (EU).
Mimecast is committed to GDPR compliance across our products and services and will provide GDPR related assurances in our contracts.
Please visit our GDPR area for information on how Mimecast is assisting our customers in achieving GDPR compliance.
ISO 27001 is the international standard which is recognised globally for managing risks to the security of information you hold. Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. They are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls.
Mimecast North America’s SOC 2 Type 1 report reported on the description of Mimecast's system and the suitability of the design of controls in place.
Mimecast has also received the SOC 2 Type II attestation report that tested the operating effectiveness of Mimecast's global systems and operations for the Trust Services Principles for Security, Availability, Processing Integrity, and Confidentiality.
Both reports are available on request to prospects that sign the appropriate NDA and to existing customers under their service agreement confidentiality.
The Standardized Information Gathering (“SIG”) questionnaire contains a robust, yet easy-to-use set of questions to gather and assess information technology, operating and security risks (and their corresponding controls) in an information technology environment. The SIG questions are based on referenced industry standards and guidelines (including, but not limited to, FFIEC, OCC, ISO, NIST, COBIT and PCI), and in addition to assessing a third-party’s environment, can be used by a company to self-assess its own control environment. The SIG is in an Excel format, which should be familiar to most users. The Mimecast completed SIG Questionnaire Report is available on request to prospects that sign the appropriate NDA and to existing customers under their service agreement confidentiality.
Mimecast has met a UK government requirement to publish its gender pay gap data. We believe that greater transparency and accountability will help us demonstrate and improve our commitments to equality and diversity.
Mimecast partners with customers to help them address a wide range of international, country and industry-specific regulatory requirements. By providing customers with independently certified and audited cloud services, Mimecast makes it easier for customers to achieve compliance for their infrastructure and applications. Mimecast provides customers with detailed information about security and compliance programs, including security packages, to help customers assess our services against their own legal and regulatory requirements.
Don’t hesitate to send questions regarding this page to Mimecast’s Trust Center mailbox (firstname.lastname@example.org).
Mimecast support locations are available here.