Trust at Medallia
The experience you provide your customers never stops, and neither do we. As the market leader in Customer Experience Management (CEM), we are trusted by the world’s most revered companies to handle their data. We know how critical data security is to our customers—many of whom operate in highly regulated industries like finance, healthcare, and telecom—and we maintain industry-leading practices to protect that data. Here’s an overview of how we have built security at Medallia.
Data Center Security
A SaaS platform with enterprise-grade security features, and it’s not in the cloud? That’s right. We own and maintain the backend infrastructure where customer data is stored. We use data centers in various geographic locations for continuity and regulatory purposes, which are Tier III, SOC 2 and/or ISO 27001 certified. Our data centers have common security practices, including closed-circuit video monitoring and 24/7-manned guards, and require the use of biometric access controls to our locked cages.
Our customer’s data – and the security of that data – is of utmost importance to us, which is why we provide our customers with complete control over their data. We also provide completely configurable settings, including granular role-based access and IP whitelisting capability. Our application supports the use of SAML for Single Sign-On, and all communications between the customer, and our servers are encrypted using TLS. And, our security architecture ensures segregation of customer data.
We utilize both internal and external services to perform continuous scanning and monitoring of our network and application. We also conduct regular vulnerability scans, risk assessments and penetration tests.
We believe in taking a proactive stance on securing our systems and applications. We follow industry best practices, as well as our customers’ recommendations, to harden our systems. When it comes to our application, our developers follow industry best practices during the software development lifecycle, including OWASP Top 10 and relevant technology specific guidelines. We rigorously test our code prior to and after the deployment to production.
We strive to be industry leaders in regulatory requirements and compliance – which is why we are the only CEM platform that is SOC 2 compliant and ISO 27001 certified. Our processes and controls are regularly audited by internal and external parties, including customers and independent assessors. We have also successfully undergone audits and are compliant with ISAE 3000 and HIPAA, and have attained certification under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield frameworks.
To report an incident, concern, or for general security questions, please email [email protected]