Skip to main content
Skip table of contents

Security policy

Coding standards and development
A well-built environment starts with high coding standards that protect against attempts at security breaches and are accompanied by code reviews and testing. We have strict development processes and follow specified coding standards to guarantee the best security practices.

Application security
System components undergo testing and code reviews to assess the security of our application interface, architecture, and service layers before we add this code to the production systems.

Mentech always assesses the security of third-party software before adding them to our production systems.

Annual security audits
Mentech has its systems undergo annual security audits by independent third parties to continuously improve and guarantee security. Contact us to view the most recent report.

System configuration
Server and system access is limited to a number of qualified people at Mentech and requires SSH keys, VPN access, and trusted computers, along with usernames and passwords. In addition, everyone at Mentech must enable two-factor authentication on our platform. No individual authentication credentials are shared at Mentech.

Physical datacenter security
Our physical infrastructure is hosted and managed in data centers by Amazon Web Services and Microsoft at physical locations in Germany, Ireland, and the Netherlands. We rely on their flexible and secure Cloud infrastructure. The data centers ensure maximum security and protection of data. They make sure that all data is stored in well-protected data centers. All data centers we use are secured and monitored 24/7. Physical access to datacenter facilities is strictly limited to selected datacenter employees. They continuously manage risk and undergo periodic evaluations to ensure compliance with industry standards.

How specific datacenters deal with fire detection, power loss, natural disasters, temperature control, datacenter management, etc. can be found on the websites of the datacenters (in English):

AWS Cloud Security

https://servicetrust.microsoft.com

In addition, a subset of your data is stored on Mentech’s physical servers in the Netherlands. Mentech takes sufficient measures to protect our physical servers against data loss.

Personal data security
Mentech offers various security options to increase privacy and security (e.g. two-factor authentication, single sign-on). No one will be able to view personal data without authorization as long as login credentials are not shared.

Mentech employee data access
All employees must agree to company policy, including the security policy.

Only a few Mentech employees have the ability to access the database and data streaming systems.

Mentech new employee policy
All new employees at Mentech are required to read and agree to both the security policy and the privacy policy.

Mentech exit policy
During the exit process of employees, all login credentials for the departing employee are removed.

All data on electronic devices used by the departing employee is completely erased.

The resigning employee has signed an agreement not to disclose anything about business activities or customers after leaving.

Data in transit
Mentech uses SSL / TLS to secure data during transmission. SSL certificates are updated regularly.

Active monitoring is carried out for breaches of security measures, including reporting on them.

Mentech’s security team uses monitoring and analysis capabilities to identify potentially harmful activities within our infrastructure and network. User and system behavior are monitored for suspicious activity, and investigations are carried out according to our incident reporting and response procedures.

Data in storage
Data in the cloud is stored with encryption, and backups of this data are made daily.

All mobile devices at Mentech B.V. have full-disk encryption enabled. This data is only readable by logged-in users. Mentech B.V. also has the ability to remotely wipe these devices.

Anonymization of data
The (eventual) anonymization of data by Mentech is done by removing from the database all data that can be traced back to a person, including the key to identifying the relevant person. All personal data stored by Mentech in any other way will also be permanently deleted after the end of the processing services.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close