"Trust is the foundation of our business, and security and data protection are built into everything we do. Mimecast holds itself to the highest security and privacy standards and has implemented security and data protection measures that span across the technology, operations, and legal aspects of protecting customer data. Certifications, Attestations and Assessments are consistently undertaken and maintained to provide transparency and communicate internal controls to our customers and partners." - Elizabeth Ruhl CISSP, CIPM, CIPT, SABSA SCF, Senior Director, GRC & Corporate Compliance Officer
ISO 22301 Certification
ISO/IEC 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
ISO 27001 Certification
ISO/IEC 27001 is the internationally recognized, best-known standard specifying requirements for an information security management system (ISMS). ISO 27001 certification gives an organization a globally accepted way to demonstrate that it safeguards both client and company data against potential threats. By operating a robust information security management system, an organization can ensure that the quality, safety, and reliability of its services and products are protected to the highest level.
SOC 2 Attestation Reports
These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. They are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls.
Mimecast North America's SOC 2 Type I report covered the description of Mimecast's system and the suitability of the design of the controls in place.
Mimecast has also received a SOC 2 Type II attestation report, which tested the operating effectiveness of Mimecast's global systems and operations against the Trust Services Principles for Security, Availability, Processing Integrity, and Confidentiality.
Both reports are available on request to prospects that sign the appropriate NDA and to existing customers under their service agreement confidentiality.
Standardized Information Gathering (SIG) Assessment Report
The Standardized Information Gathering ("SIG") questionnaire contains a robust, yet easy-to-use set of questions for gathering and assessing information technology, operating and security risks (and their corresponding controls) in an information technology environment. The SIG questions are based on referenced industry standards and guidelines (including, but not limited to, FFIEC, OCC, ISO, NIST, COBIT and PCI); in addition to assessing a third party's environment, the SIG can be used by a company to self-assess its own control environment. The SIG is distributed in Excel format, which should be familiar to most users. Mimecast's completed SIG Questionnaire Report is available on request to prospects that sign the appropriate NDA and to existing customers under the confidentiality terms of their service agreement.
Mimecast GRC Mailbox
Mimecast partners with customers to help them address a wide range of international, country and industry-specific regulatory requirements. By providing customers with independently certified and audited cloud services, Mimecast makes it easier for customers to achieve compliance for their infrastructure and applications. Mimecast provides customers with detailed information about security and compliance programs, including security packages, to help customers assess our services against their own legal and regulatory requirements.
Don’t hesitate to send questions regarding this page to Mimecast’s GRC mailbox (GRC@mimecast.com).