Audit and Compliance
Mitratech maintains thorough privacy and security assessments and certifications performed by third parties.
- Mitratech is aligned with ISO 27001 security controls for corporate and cloud environments.
- Mitratech is aligned with ISO 27018 privacy controls for the cloud environment and client data.
- Mitratech has an independently audited SSAE16 SOC 2 Type 2
- Access Mitratech’s SOC 3 report, which confirms Mitratech has maintained effective controls over the security and confidentiality of our SaaS System
Recently, the regulatory framework has become very complex and difficult to implement. Mitratech has a dedicated team that continues to be proactive in a rapidly changing regulatory landscape. Our clients can reap the benefits of Mitratech’s compliance program and remain compliant with these rapidly changing laws. This includes:
- Multiple state Security Incident notification laws
- Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
- Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
- EU General Data Protection Regulation (2016) replacing Data Protection Directive EC 95/46
- Data Protection Directive 95/46/EC
- EU Privacy Shield replacing U.S.-EU Safe Harbor
- Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
Mitratech utilizes collocated data center space that is dedicated to Mitratech. The data centers, located in the United States and United Kingdom, are classified as Tier 4 data centers with 99.995% availability.
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Humidity and temperature control
- Redundant (N+1) cooling system
- Multiple fiber entries from different points into the data center
- Fully redundant Internet and internal networks
- Utilizing all Tier 1 carriers located near Internet Exchange Points
- High bandwidth capacity
- Multiple city power grids feed from different points into the data center
- Redundant (N+1) Power Systems
- Redundant (N+1) diesel generators with on-site fuel storage
- VESDA (very early smoke detection apparatus)
- Multi-zone, pre-action dry pipe water-based fire suppression