Legal and Compliance - Mitratech

LEGAL AND COMPLIANCE

Mitratech is a global cloud provider and has built a comprehensive privacy and security program to meet the complex requirements of our clients. We understand our clients trust us with their vital and sensitive information and we employ a multi-layered approach to protect that information.

Audit and Compliance

Mitratech maintains thorough privacy and security assessments and certifications performed by third parties.

  • Mitratech is aligned with ISO 27001 security controls for corporate and cloud environments.
  • Mitratech is aligned with ISO 27018 privacy controls for the cloud environment and client data.
  • Mitratech has an independently audited SSAE16 SOC 2 Type 2 report.
  • Access Mitratech’s SOC 3 report, which confirms Mitratech has maintained effective controls over the security and confidentiality of our SaaS System

Regulatory Landscape

Recently, the regulatory framework has become very complex and difficult to implement. Mitratech has a dedicated team that continues to be proactive in a rapidly changing regulatory landscape. Our clients can reap the benefits of Mitratech’s compliance program and remain compliant with these rapidly changing laws. This includes:

United States

  • Multiple state Security Incident notification laws
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)

European Union

  • EU General Data Protection Regulation (2016) replacing Data Protection Directive EC 95/46
  • Data Protection Directive 95/46/EC
  • EU Privacy Shield replacing U.S.-EU Safe Harbor

Canada

  • Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)

Data Centers

Mitratech utilizes collocated data center space that is dedicated to Mitratech. The data centers are classified as Tier 4 data centers with 99.995% availability and are located in the United States and United Kingdom.

Physical Security

  • 24-hour manned security, including foot patrols and perimeter inspections
  • Biometric scanning for access
  • Dedicated concrete-walled Data Center rooms
  • Video surveillance throughout facility and perimeter
  • Building engineered for local seismic, storm, and flood risks
  • Tracking of asset removal

Environmental Controls

  • Humidity and temperature control
  • Redundant (N+1) cooling system

Network

  • Multiple fiber entries from different points into the data center
  • Fully redundant Internet and internal networks
  • Utilizing all Tier 1 carriers located near Internet Exchange Points
  • High bandwidth capacity

Power

  • Multiple city power grids feed from different points into the data center
  • Redundant (N+1) Power Systems
  • Redundant (N+1) diesel generators with on-site fuel storage

Fire Suppression

  • VESDA (very early smoke detection apparatus)
  • Multi-zone, pre-action dry pipe water-based fire suppression