Adherence to internationally recognized standards
ISO 27001:2013 is a security standard that governs an organization’s Information Security Management System (ISMS) and mandates specific requirements in the implementation, monitoring, maintenance, and continuous improvement of the ISMS. This includes implementing steps to identify and maintain the assets, technologies, and processes needed to protect customer information and to help ensure the confidentiality, integrity, and availability of customer data and supporting services.
ISO 27017:2018 is a security standard that provides guidance on the information security aspects of cloud computing.
MindBridge uses this standard to supplement the ISO 27001:2013 standard with cloud-specific controls that are applied to its public cloud environment.
ISO 27018:2019 is a code of practice that focuses on the protection of personally identifiable information (PII) in the public cloud.
By providing cloud services, MindBridge acts as a data processor to its customers. MindBridge uses the ISO/IEC 27018:2014 standard to protect the PII that it processes for its customers.
SOC 2 reports contain an independent attestation of the control environment relevant to system security, confidentiality, and availability. SOC 2 audits are conducted against SSAE 18 attestation standards.
MindBridge uses the SOC 2 reports to demonstrate the operating effectiveness of its controls related to the security, availability, processing integrity, confidentiality, and privacy of its public cloud environment.
MindBridge is SOC 3 compliant. A SOC 3 report is based on the same standards as a SOC 2 report, but it includes a description of the controls in place at the service organization as of a specific date, as well as an opinion from an independent service auditor about the effectiveness of the controls over the audit period.
The purpose of a SOC 3 report is to provide assurance to customers, stakeholders, and other interested parties about the controls in place at the service organization that relate to the trust principles of security, availability, processing integrity, confidentiality, and privacy.