ISO 27001 is the international standard which is recognised globally for managing risks to the security of information you hold. Certification to ISO 27001 allows you to prove to your clients and other stakeholders that you are managing the security of your information. ISO 27001:2013 (the current version of ISO 27001) provides a set of standardised requirements for an Information Security Management System (ISMS). The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.
Mimecast has received the SOC 2 Type II attestation report that tested the operating effectiveness of Mimecast's global systems and operations for the Trust Services Principles for Security, Availability, Processing Integrity, Confidentiality, and Privacy. This is available on request to prospects that sign the appropriate NDA and to existing customers under their service agreement confidentiality.
This report is intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. It is intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls.
The Criminal Justice Information Services (CJIS) is a division of the US FBI that sets standard for information security, guidelines and agreements aimed at protecting the Criminal Justice Information (CJI). The standards are reflected in the CJIS Security Policy, which describes the appropriate controls to protect the transmission, storage and access to data. While there is no CJIS authorization body or standardized assessment approach determining CJIS compliance, Mimecast has engaged with CJIS ACE to perform an audit of the controls within our Public Sector Grid to ensure they meet the requirements of the CJIS. This resulted in obtaining a CJIS Ready badge demonstrating that Mimecast satisfies those requirements across the 13 policies outlined in the CJIS Security Policy.
Upon request, Mimecast provides customers with information about our security and compliance programs, including security packages, to help customers assess our services against their own legal and regulatory requirements.
Don’t hesitate to send questions regarding our certifications to Mimecast’s Trust Center mailbox (firstname.lastname@example.org).