“As a trusted leader in the digital lending space, security is in our DNA. We maintain a robust information security program to ensure the ongoing protection of our applications, networks, and systems. We take the security of the data entrusted to us by our clients very seriously, as well as the continued availability of our platforms.”
— Kevin Patel, Chief Information Security Officer, MeridianLink
Security by Design
Our dedicated security team leverages industry-accepted best practices and frameworks to secure our systems and your data. Learn more about our security architecture and practices focused on governance, risk management, and compliance.
We maintain a comprehensive security program designed to protect the confidentiality, integrity, and availability of client data. This includes an annual SOC 2 Type 2 audit and PCI DSS audit. Read our Privacy Policy to learn more about how we secure data.
Our infrastructure takes advantage of the latest technologies to ensure our products are reliable and scale with our customers’ businesses. We maintain a strict maintenance cycle during non-peak hours to ensure consistent, stable delivery. Please visit the MeridianLink Statuspage for real-time updates and consider subscribing to receive pro-active notifications.
With our annual SOC 2 Type 2 audit, we affirm that our internal controls effectively safeguard customer data.
PCI DSS
We maintain PCI DSS compliance, adhering to policies and procedures that protect credit, debit, and cash card transactions.
Security & Trust FAQ
Does MeridianLink have an information security program?
Yes. MeridianLink has an information security program headed by the Chief Information Security Officer (CISO). The MeridianLink Information Security Team is charged with maintaining the program and securing MeridianLink.
Is the program aligned to industry standards?
Yes. Our information security program is based on the NIST Cybersecurity Framework and ISO 27001.
How do I get a copy of MeridianLink’s due diligence documentation?
Login to the support portal to access a self-servicedownload of the most recent documentation.
Does MeridianLink rely on any third parties?
Yes. MeridianLink utilizes co-location data centers and public cloud providers to host MeridianLink servers.
Does MeridianLink undergo third-party audits?
Yes. MeridianLink participates in annual SOC 2 and PCI DSS audits.
Does MeridianLink have a dedicated Security team?
Yes. Our security and compliance efforts are guided and monitored by our CISO and Security Team, which is comprised of security analysts, engineers, GRC analysts, and architects.
What methodologies are used to encrypt MeridianLink customer data?
MeridianLink uses the following methods to encrypt customer data:
Data at rest is encrypted using AES-256.
Data in transit across open networks is encrypted using TLS 1.3 (at minimum TLS 1.2).
User passwords are salted and hashed.
Where are MeridianLink data centers located?
MeridianLink leverages a hybrid infrastructure environment. Our products are hosted in on-premises data centers as well as on Microsoft Azure and Amazon Web Services infrastructure across multiple Availability Zones, with a DR site established in a different region. These data centers employ leading physical and environmental security measures, resulting in highly resilient infrastructure.
Reporting a Security Vulnerability
We maintain a private bug bounty program with a leading provider of crowdsourced ethical hackers. If you find a security vulnerability in any of our products, please submit a report. If you have a security issue or question, please contact us at security@meridianlink.com.
