Mantium Security Statement

Mantium was founded by information security professionals, and the highest level of security is built into Mantium products from the beginning. Mantium treats all customer data as confidential, and the protection of customer data and the security of the Mantium platform are of the utmost importance.

Information Security Policy

Mantium maintains a written Information Security policy that defines acceptable use of and access to Mantium's resources. The organization receives signed acknowledgement from users indicating that they have read, understand, and agree to abide by the rules of behavior, before providing authorized access to Mantium resources. Mantium's policies are periodically reviewed and updated as necessary.

Operational Security

Auditing and Logging

Auditing is enabled on all Mantium infrastructure, systems and applications. Audit logs provide a detailed account of user access to data and systems. Access to Mantium auditing and logging data is controlled by limiting access to authorized individuals. Security events are identified, monitored, and addressed by Mantium security team members.

Security Assessments

Mantium regularly conducts vulnerability assessments on all Mantium resources. External surfaces are continuously monitored for security compliance and new threats. Internal vulnerability tests are conducted regularly and include testing of applications and systems as well as internal access controls.

End-to-End Encryption

Mantium employs end-to-end encryption for all customer data stored and all internal and external transactions. We use TLS 1.2 for client connections and encrypt all data at rest.

SDLC - Code and Infrastructure

Mantium adheres to a formal documented Secure Development Policy. All of Mantium's application code goes through a full suite of automated tests, in addition to manual reviews and acceptance. First, when code is committed, it passes through the automated tests, and the output is reviewed by the developers and security team. Code that passes all automated tests and manual reviews is then pushed to a staging server. Code in the staging environment is further tested for security and stability before being released to the production servers.

New features and large changes are architected by the developers together with the application security team, with the aim of ensuring that all parts of the application are designed with security in mind from the beginning.

Platform Security

Mantium application servers are hosted on platforms that meet the highest security standards, including:

  • SOC 2, Type I
  • SOC 2, Type II

Key Management

Encryption/decryption keys are stored within a secured environment separate from customer data. Access requires multiple layers of authentication and is audited.

Access and Monitoring

Mantium audits and reviews all access to Mantium resources by Mantium employees and external users. Policies dictate that employees have access only to resources that are required to carry out their duties.

Vulnerability Management

Mantium continuously monitors systems for vulnerabilities and security misconfigurations. All identified vulnerabilities are reviewed by the security team and given a risk rating and mitigation strategy. Issues are assigned to the appropriate Mantium personnel who carry out the mitigation, which is then verified by the security team.