We secure our infrastructure, both in the cloud and at data centers, to prevent malicious access of our network, servers, and applications. This includes controls for physical and virtual access, monitoring, and user authentication.
To secure our data centers, we:
To secure our network and endpoints, we:
To manage vulnerabilities, we:
We protect client data with best-in-class processes, including data segregation between environments and products, data encryption at rest and in transit, and secure data access methods.
To secure MeridianLink and client data, we:
To restrict employee access to data, we:
We design our applications with security at the forefront. This involves security working directly with our product teams during the design phase, security testing during development, and penetration testing after development.
To secure our applications, we:
We design our products with multiple security features to best protect our clients and their business. This includes password settings, two-factor authentication, client-managed access controls, and audit logging.
To enable secure customer access to our products, we:
To restrict access to our products, we:
We ensure our employees are prepared to deal with common security threats. This includes annual security awareness training and secure development. We have policies in place to ensure the security of the MeridianLink organization.
To ensure operational security, we:
To ensure employee preparedness, we:
To manage risks from vendors and third parties, we:
We ensure our systems continue running in case of interruption with a business continuity and disaster recovery program. Testing is performed annually to ensure we can meet guarantees to clients. Robust data backup and recovery systems are deployed to ensure resiliency and protection of client data.
To ensure resiliency, we:
We maintain an incident response plan to ensure timely and effective response to security events. Logs are monitored 24/7 by a SOC and escalated as appropriate based on triage.
To ensure an effective response to all incidents, we: