Legal and Compliance
As a global Cloud services provider, we've built a comprehensive privacy and security program to meet our clients' complex data security requirements.
Audit and Compliance
Mitratech maintains thorough privacy and security assessments and certifications performed by third parties:
- We’re aligned with ISO 27001 security controls for corporate and cloud environments.
- We’re aligned with ISO 27018 privacy controls for the cloud environment and client data.
- Mitratech has an independently audited SSAE16 SOC 2 Type 2 report.
- Access Mitratech’s SOC 3 report, which confirms Mitratech has maintained effective controls over the security and confidentiality of our SaaS System.
Recently, the regulatory framework most companies must work within has become very complex and difficult to implement. Mitratech provides a dedicated team that proactively deals with this rapidly changing regulatory landscape, and our clients reap the benefits of remaining compliant with evolving laws and guidelines. This includes:
- Multiple state Security Incident notification laws
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
- EU General Data Protection Regulation (2016) replacing Data Protection Directive 95/46/EC
- Data Protection Directive 95/46/EC
- EU Privacy Shield replacing U.S.-EU Safe Harbor
- Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
Mitratech utilizes colocated data center space that’s dedicated to us and our clients’ needs. These are classified as Tier 4 data centers with 99.995% availability, with locations in the United States and United Kingdom.
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
- Humidity and temperature control
- Redundant (N+1) cooling system
- Multiple fiber entries from different points into the data center
- Fully redundant Internet and internal networks
- Utilizing all Tier 1 carriers located near Internet Exchange Points
- High bandwidth capacity
- Multiple city power grids feed from different points into the data center
- Redundant (N+1) Power Systems
- Redundant (N+1) diesel generators with on-site fuel storage
- VESDA (very early smoke detection apparatus)
- Multi-zone, pre-action dry pipe water-based fire suppression