MeridianLink takes the security of the data entrusted to us by our clients very seriously, as well as the continued availability of our SaaS applications. We recognize that the cyber threats facing us, our clients, and the financial services industry as a whole are greater than ever. We have therefore developed and implemented an advanced and robust information security program to ensure the ongoing protection of our applications, networks, and systems.
Data Center Security
MeridianLink utilizes data center facilities with CCTV, two factor authentication, environmental controls, and monitoring. Data is stored on MeridianLink hardened equipment using multiple security controls. To maintain our application availability, we have deployed a fully redundant infrastructure without single points of failure. All data center locations maintain on-site power generation capacity, ensuring we can continue providing service through most power outages. We have also established a failover site in the event our primary data center locations become unreachable by our clients.
MeridianLink uses best-of-breed security tools from established vendors to ensure we are able to protect against and respond to the latest threats. We also regularly evaluate new technology that may help us further strengthen our defenses. Types of security tools we use include: next-generation firewalls, web application firewalls, filtering proxies, anti-malware, anti-phishing, strong encryption, intrusion detection and prevention, network segmentation, static code analysis, dynamic vulnerability scanning, two-factor authentication, and patch management.
To build and maintain our robust information security program, MeridianLink has a dedicated team of passionate, highly skilled, and certified professionals. They work hard to ensure our application solutions are always ready when you need them, and keep your data secure.
Assurance and Compliance
MeridianLink contracts with expert third-party firms to annually test our security controls and processes against industry best practices and standards such as NIST and PCI-DSS. We also submit to annual service organization audits, e.g. SOC 2 Type 2, by accredited firms.
Security Issues, Questions, Incident Reports
As part of our security controls, MeridianLink accepts public reports of security issues. Please report any issues with security in any MeridianLink system, any reports of identity theft security incidents, or any questions about MeridianLink security here: firstname.lastname@example.org.
Do not include any confidential data or PII, such as social security numbers, account numbers or credit card numbers in your email.